TIG Post

Tag: Cybersecurity

  • CSA to enforce legal action against unlicenced cybersecurity providers

    CSA to enforce legal action against unlicenced cybersecurity providers

    The Cyber Security Authority (CSA) has issued a warning to Cybersecurity Service Providers (CSPs), Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs) who are operating without proper licenses or accreditation from the Authority.

    The CSA emphasized that offering such services without meeting the necessary legal requirements violates the Cybersecurity Act, specifically Sections 49 and 57 of Act 1038, 2020. The Authority has initiated steps to penalize those in breach.

    In a speech delivered on behalf of the Director-General, Dr. Albert Antwi-Boasiako, at a licensing and accreditation event in Accra, the CSA reaffirmed its commitment to regulating and cleaning up the cybersecurity sector.

    “In accordance with the CSA mandate in Sections 3, 4(k), 49, 57, and 59 of the Cybersecurity Act, 2020 (Act 1038), CSA has a duty to regulate cybersecurity activities within the country; which includes licencing cybersecurity service providers (CSPs), and accrediting cybersecurity establishments (CEs) and cybersecurity professionals (CPs).

    “I want to take this opportunity to once again caution all CSPs, CEs, and CPs that are providing cybersecurity services without a license or performing cybersecurity-related professional functions without accreditation granted by the Authority.

    “The Authority is committed to ensuring that all defaulting institutions and individuals face the appropriate sanctions, including administrative penalties and criminal prosecutions where applicable. Further, take note that enforcement processes against non-compliant registrants and applicants have commenced and all defaulters will face the full rigours of the law,” he warned.

    At a ceremony held in Accra on Thursday, September 12, 2024, the Cyber Security Authority granted licenses and accreditations to 18 cybersecurity service providers, 7 cybersecurity establishments, and 69 professionals who successfully completed the application process and met the necessary operational requirements.

    Describing the event as a significant milestone, the Authority highlighted that the exercise reflects the country’s steadfast dedication to enhancing digital security and resilience.

    “I once again extend my congratulations to all licensees and accredited establishments and professionals. This achievement signifies a pivotal moment for CSA and the industry, as it reaffirms CSA’s dedication to building a digitally resilient Ghana and a testament to the commitment of CSPs, CEs, and CPs as key stakeholders in Ghana’s cybersecurity development.

    “Let us continue working together through collaboration, vigilance, and innovation, to ensure Ghana continues being a hub of cybersecurity excellence in Africa,” he urged.

    He further emphasized that receiving licenses and certificates of accreditation places a responsibility on recipients to uphold high standards and professionalism in delivering the services for which they have been authorized.

    “Licensees must observe utmost good faith toward clients while complying with Act 1038 and all applicable laws, including confidentiality and data protection obligations.”

    The Cyber Security Authority (CSA) officially launched the licensing and accreditation process in March 2023. As a result, in July 2024, it issued licenses to eight Cybersecurity Service Providers (CSPs) and granted accreditation certificates to eight Cybersecurity Establishments (CEs) and thirty-five Cybersecurity Professionals (CPs). To date, the Authority has successfully registered 252 CSPs, 65 CEs, and 1,451 CPs.

  • The imperative of prioritising cybersecurity in the Boardroom

    The imperative of prioritising cybersecurity in the Boardroom

    In today’s interconnected world, where digital transformation and data-driven decision-making are paramount, the boardroom must give cybersecurity its highest priority.

    Cyber threats have evolved from being a technical nuisance to a critical business risk that can have profound consequences on an organization’s operations, reputation, and financial health. This essay explores the compelling reasons why the boardroom must make cybersecurity a central focus of its governance agenda.

    I. Protecting Critical Assets

    First and foremost, the boardroom should prioritize cybersecurity to protect critical assets. Organizations store vast amounts of sensitive information, including customer data, proprietary research, financial records, and intellectual property. Cyberattacks, ranging from data breaches to ransomware attacks, pose a direct threat to these assets. A breach can result in not only financial losses but also long-term damage to the organization’s reputation and trustworthiness.

    II. Safeguarding Reputation

    A company’s reputation is a priceless asset that can take years to build and moments to shatter. Cybersecurity incidents, such as data breaches or cyberattacks, can inflict severe reputational damage. Customers, partners, and stakeholders expect their data to be handled securely, and a security lapse can erode trust and goodwill. Prioritizing cybersecurity is an investment in preserving and safeguarding the organization’s reputation in an era where reputation is as valuable as any tangible asset.

    III. Regulatory Compliance

    The regulatory landscape surrounding cybersecurity is increasingly complex and demanding. Governments and industry bodies have introduced stringent data protection and privacy regulations, such as the  Data Protection Act, 2012 , the Bank of Ghana Cyber and Information Security Directive, 2018 and the Cybersecurity Act, 2020. Non-compliance can lead to substantial fines and legal repercussions. Boards have a fiduciary duty to ensure that the organization adheres to these regulations, making cybersecurity a compliance imperative.

    IV. Financial Resilience

    Cyberattacks can have significant financial implications. The costs associated with mitigating a breach, including digital forensic investigations, legal fees, crisis management, and potential compensation to affected parties, can be staggering. Additionally, downtime caused by cyber incidents can lead to revenue loss. Investing in robust cybersecurity measures is an essential strategy for enhancing financial resilience by preventing or mitigating these potential financial shocks.

    V. Strategic Decision-Making

    In the digital age, technology underpins nearly every facet of business operations. Cybersecurity is no longer an isolated IT concern but an integral part of strategic decision-making. Boards must understand that a strong cybersecurity posture enables organizations to adopt emerging technologies, innovate securely, and ensure business continuity. A well-protected digital infrastructure is the foundation upon which strategic decisions are made and business growth is achieved.

    Conclusion

    As we observe the cybersecurity awareness month, it’s time to emphasize that the boardroom’s prioritization of cybersecurity is not merely a recommendation; it is an absolute necessity. Cyber threats have become one of the most significant risks facing organizations today, and failing to address them adequately can lead to dire consequences. By giving cybersecurity its highest priority, the boardroom can fulfill its fiduciary duty to protect critical assets, safeguard the organization’s reputation, ensure regulatory compliance, enhance financial resilience, and enable strategic decision-making in the digital era. In doing so, the boardroom lays the foundation for a secure, resilient, and prosperous future for the organization and its stakeholders.

    Source: Myjoyonline.com

    DISCLAIMER: Independentghana.com will not be liable for any inaccuracies contained in this article. The views expressed in the article are solely those of the author’s, and do not reflect those of The Independent Ghana

  • Cybersecurity threats influenced by Lack of awareness – Dr Antwi-Boasiako

    Cybersecurity threats influenced by Lack of awareness – Dr Antwi-Boasiako

    Director General of the Cyber Security Authority, Dr. Albert Antwi-Boasiako, emphasized the necessity for the government and institutions across the ECOWAS sub-region to enhance awareness of cybersecurity.

    He highlighted that until this issue is tackled, addressing cyberattacks and threats will remain challenging.

    During a media briefing at the West African Regional CSIRTS Symposium in Accra on Tuesday, April 16, 2024, Dr. Antwi-Boasiako urged institutions to fortify their cyberspace through investment, rather than waiting for an attack that could compromise the confidentiality, integrity, and accessibility of information.

    He said, “The biggest challenge we have is the lack of awareness that the threat even exists and I say it is because once you don’t have visibility, it becomes difficult for you to even take steps to address them….”

    “We’ve seen institutions only step up their investment in cybersecurity after they have been attacked. That is not a good way to go, I believe once we increase awareness across board, institutions, government will gradually put in necessary investment in preventing cyber attacks that could undermine the confidentiality, integrity and availability of information,” the Director General of Cyber Security Authority stated.

    Dr. Antwi-Boasiako also highlighted that the Cyber Security Authority is collaborating with the central bank, the Bank of Ghana, to create a security operating system aimed at purifying the nation’s cyberspace.

    He elaborated that cyber crises or attacks can jeopardize the confidentiality and accessibility of digital services.

    The Director General of the Cyber Security Authority emphasized that the convening of various CSIRTS representatives in Ghana aimed to foster collaboration and address prevalent trends in the cyber domain with appropriate solutions.

  • Cybersecurity Authority gives accreditation to over 1400 institutions, individuals

    Cybersecurity Authority gives accreditation to over 1400 institutions, individuals

    The Cybersecurity Authority (CSA) has reported that approximately 1,400 individuals and businesses in Ghana have obtained accreditation since the implementation of the cybersecurity regulatory regime in March 2023.

    According to a statement released on February 20, 2024, the CSA revealed that as of February 19, 2024, a total of 1,383 Cybersecurity Professionals (CPs), 194 Cybersecurity Service Providers (CSPs), and 52 Cybersecurity Establishments (CEs) had been registered with the Authority.

    Despite the increase in registrations, the CSA highlighted that many businesses still operate without the required accreditation. The deadline for operators to secure the license was December 2023, as per sections 3(a), 4(k), 49, 50, 51, 57, and 59 of the Cybersecurity Act, 2020 (Act 1038).

    The Authority reiterated its commitment to enforcing the deadline and prohibiting individuals and businesses without the necessary licenses or accreditation from operating in Ghana.

    The CSA has warned all cybersecurity operators offering services without accreditation to obtain the license or face penalties, including administrative penalties and criminal prosecutions, as per sections 49, 92, and 95 of the Act.

    Additionally, the CSA is collaborating with the Public Procurement Authority (PPA) to ensure that public sector institutions comply with the rules established under Act 1038. Furthermore, they are working with the Judicial Service of Ghana to enforce the provisions of the Cybersecurity Act in courts.

    Press-release-PGH-DC-2024-photospeak-AA-Edit-1-1Download
  • Dr. Antwi-Boasiako urges public, institutions to safeguard their cybersecurity space

    Dr. Antwi-Boasiako urges public, institutions to safeguard their cybersecurity space

    Director-General of the Cyber Security Authority, Dr. Albert Antwi-Boasiako, has emphasized the importance of public, particularly institutions, taking responsibility for their cybersecurity through the adoption of antivirus software.

    He highlighted that investing in antivirus software is one of the most effective measures to safeguard sensitive data from malicious programs. Speaking at a cybersecurity awareness symposium organized by the Accra Technical University (ATU), Dr. Antwi-Boasiako underscored that the evolving cyber landscape exposes both individuals and organizations to heightened risks.

    The symposium was part of the school’s activities to commemorate this year’s Cybersecurity Awareness Month, a global campaign designed to remind individuals to protect themselves, their families, and their businesses from online threats.

    Their local theme was “Strengthening the Weakest link in the Cyber Security Ecosystem to protect the crown Jewels of Tertiary education Infrastructure.”

    Dr. Antwi-Boasiako emphasized that individuals’ limited ability to protect their personal information even to a minimal extent represents the most vulnerable aspect of cybersecurity.

    He advised businesses, with a particular focus on educational institutions, to implement the essential measures required to secure sensitive data, including test results, bank account details, and student information.

    “It is not enough to invest in technologies to protect sensitive information, but it is important to build the capacity of the people to man the systems,” he said.

    The need for cybersecurity has increased, according to Professor Amavi Acakpovi, Acting Vice-Chancellor of ATU, as a result of the emergence of COVID-19 and the rise in the use of the internet for a variety of purposes, such as conducting meetings and exams online.

    “Today we run many information technology systems in the University, such as academic records management, human resource records, financial records, admission and certification,” he said.

    According to Prof. Acakpovi, the university has made efforts to be a hub of innovation and knowledge, and it is at the forefront of technological education.

    “We recognise that, in the 21st century, our students, faculty, and the community at large must be well-versed in the art of cyber defence,” he said.

    He claimed that cooperation was essential to the nation’s digital society’s future, the security of sensitive data, and the preservation of vital infrastructure.

    According to Prof. Acakpovi, the School has strengthened its defenses by establishing cutting-edge cybersecurity programs, investing in cutting-edge technology, and collaborating with government agencies and industry experts.

    He said, “The threats we face today may pale in comparison to those of tomorrow, hence, the need for continuous dialogue, the dissemination of knowledge, the exploration of emerging trends, and the sharing of best practices are not just a necessity; it is our moral and ethical obligation to future generations.”

  • Agradaa behind bars again over nude photos trial involving a prophet

    Founder and leader of the Heaven Way Champion International Ministry, Nana Agradaa, has been rearrested in connection with a case involving the publication of nude pictures of prophet Emmanuel Appiah Ennin.

    These explicit photos were reportedly shared on Agradaa’s TV station, Thunder TV, in 2022.

    In February 2023, Agradaa was initially charged with the non-consensual sharing of intimate images, a violation of Sections 67(1) of the Cybersecurity Act (Act 1038).

    During her arraignment before Circuit Court 10, presided over by Her Honour Mrs Evelyn Asamoah, Agradaa pleaded not guilty to the charge.

    The exact reason for Agradaa’s recent rearrest, which occurred on July 12, 2023, remains unclear.

    Per reports from UTV , alongside Agradaa, four other accomplices were also arrested: Enock Owusu Kissi, Charles Omane (alias One Gig), Emmanuel Kofi Gyasi, and an individual named Andy who is currently at large.

    All five individuals faced charges of abetment of a crime, specifically non-consensual sharing of intimate images.

    Following their arrest, Agradaa and her accomplices were granted bail in the amount of GHc100,000.00, with each required to provide three sureties. The case continues to unfold, and further developments are expected in due course.

    Brief facts

    The brief facts of the case as presented to the court by the Prosecutor, ASP Emmanuel Haligah, were that the Complainant, Emmanuel Appiah Fomum, is a Prophet and resides at Teshie, Accra.

    He said the 1st Accused Patricia Asiedua is a lady Pastor residing at Weija and the 2nd accused Enoch Owusu Kissi is a media Practitioner residing at Weija.

    The Prosecutor told the court also that the 3rd accused Charles Omane alias One Gig is a businessman residing at Nungua and 4th accused Emmanuel Kofi Gyasi is a Television (TV) Presenter residing at Nungua while the 5th accused person Andy is at large.

    ASP Haligah said, sometime in 2020 the 1st accused Patricia Asieduwaa who was the owner of a TV station called ‘Thunder TV’ hosted a programme on her TV station and intentionally showed the naked pictures of the complainant on live TV.

    The prosecutor said, Nana Agradaa made mockery of him with all the other accused persons who were panelist on the said programme encouraging her on the course.

    He said the said programme was also streamed live on Youtube and Facebook where a witness, in this case, saw it and informed the complainant about it.

    The Prosecutor told the court that the 1st accused also intentionally distributed intimate images of the complainant to a witness in this case via WhatsApp.

    He said the complainant reported the matter to Police for assistance and during investigation all the accused persons with the exception of the 5th accused who is at large were arrested for investigation.

    He said the Police retrieved the intimate images of the complainant which were shared or distributed by 1st accused Patricia Asieduwaa.

    ASP Haligah said in the course of investigation, the programme on which the intimate images were shown was retrieved by Police and played back to all the accused persons who identified themselves in the video of the programme hosted by 1st accused.

    He said after investigation the accused persons were charged with the offences and arraigned.

  • Cybersecurity operation by BoG, EOCO, leads to arrest of 420 suspected loan app operators

    Cybersecurity operation by BoG, EOCO, leads to arrest of 420 suspected loan app operators

    Over 420 alleged loan app operators have been detained as a result of a joint operation by the Cyber Security Authority, the Bank of Ghana, and the Economic and Organized Crime Office (EOCO).

    Authorities in Accra conducted a raid at some of the suspected locations of online lending app operators.

    “The three collaborating institutions launched a swoop in the early hours of Monday, July 10, 2023, as part of a Joint Cybersecurity Committee operation which resulted in the arrest of over 420 suspects”, a statement from the authority mentioned.

    From the place of Central Bank, the surge in loan applications is in violation of Act 930 of 2016, which is the law governing banks and specialized deposit-taking institutions.

    The bank claimed that it has noticed the continued functioning of unlicensed organizations that are involved in offering loans to the people of Ghana via mobile applications.

    The Bank emphasized that these organizations’ actions gravely violate laws governing customer data and privacy as well as standards and regulations for consumer protection, with negative repercussions for the honesty and welfare of their clients.

    In order to promote the integrity of financial service delivery, the Bank of Ghana will continue to take action against these organizations in coordination with pertinent governmental agencies.

  • Try these US Universities for your MSc/PhD programs in Data Science and Cybersecurity

    Try these US Universities for your MSc/PhD programs in Data Science and Cybersecurity

    Here is a list of universities in the US that offer masters program in Cyber security and Data Science

    1. Carnegie Mellon University
    2. Georgia Institute of Technology
    3. Massachusetts Institute of Technology
    4. University of California – Berkeley
    5. University of Illinois at Urbana-Champaign
    6. University of Michigan – Ann Arbor
    7. University of Washington
    8. University of Wisconsin – Madison
    9. Columbia University
    10. New York University
    11. Stanford University
    12. University of Chicago
    13. University of California – Los Angeles
    14. University of Southern California
    15. University of California – San Diego
    16. University of Pennsylvania
    17. University of Maryland – College Park
    18. University of Virginia
    19. Johns Hopkins University
    20. North Carolina State University
    21. Purdue University
    22. Rutgers University
    23. Virginia Polytechnic Institute and State University
    24. Arizona State University
    25. University of Arizona
  • Cybersecurity: The technology sector’s fastest growing industry

    Cybersecurity: The technology sector’s fastest growing industry

    Edmond Sarpong says Cybersecurity has become increasingly popular in recent times

    The technology sector is rapidly growing and expanding to include multiple sectors including soft development, e-commerce, fintech, telecommunications, machine learning, artificial intelligence, cloud computing and cyber security to name a few key categories.

    According to Grandview Research, the global cyber security market was valued at $202.72B in 2022 and is projected to expand at a compound annual growth rate (CAGR) of 12.3% from 2023 to 2030.

    Cybersecurity is the protection of computer systems which includes data, hardware and software from attacks and threats or unauthorized access. Although it may look as though cybersecurity is an emerging tech field, it has been on the rise for the last 20 years.

    Cybersecurity has become increasingly popular in recent times, especially after the pandemic, with so many employees working from home or having hybrid work environments. Thus, all over the world, there are many companies, businesses and organizations looking to recruit cybersecurity professionals to ensure that their company assets are safe from malware and attacks.

    A quick search on www.cyberseek.org of cyber security jobs showed results of over 750,000 jobs available in the industry.

    According to IBM, the cost of a data breach can be significant, with companies spending an average of $4 million globally or $9 million in the USA for each incident. As a result, cybersecurity professionals are well compensated for their critical role in protecting a company’s assets.

    Cybersecurity is critical in today’s world because anyone can be a victim to cyber criminals. A cyberattack affects the economy, can create threats to national security and make the web environment unsafe.

    Edmond Sarpong, CEO of Prime Tech Associates states that “cyber security’s importance in today’s business world cannot be underestimated. Cyber criminals are lurking after businesses and individuals, and this is expected to continue to be on the rise in today’s digital world”.

    Unique for this IT field, cybersecurity offers high wages and competitive salaries along with flexible or remote work environments making this profession one of the most sought-after industries.

    In fact, according to Fortune.com there is a global shortage of 3.4M workers in the field which continues to keep cyber wages on the rise.

    This is the inspiration behind Prime Tech Associates, a USA based cyber security agency that specializes in training Africans both in the diaspora and on the African continent, a crash course in cyber security to enter the industry.

    “As a first-generation immigrant, finding a career path takes a lot of time, effort and trial and error. At times it requires you to dig deep and be motivated by grit and determination. On the African continent, technology is becoming an innovative part of everyday life,” says Edmond Sarpong.

    “There is an opportunity here through cyber security to easily identify a life changing and lucrative career path that can allow Africans, everywhere, to gain financial freedom to provide for their families and make a greater and visible impact on organizations small or large.”

    Source: Ghanaweb

  • Efficient background checks critical to Ghana’s recruitment efforts – MRB

    Emmanuel Kwame Morrison, a cybersecurity analyst, has emphasized the significance of effective background and data checks in hiring Ghana’s public and private sector labor force.

    He claims that in order to close all the gaps that manual background checks can leave open, these checks are essential, necessitating greater workforce investment in cybersecurity technology.

    The cybersecurity expert emphasized the significance of Ghana’s digitalization strategy and its impact on the economy and development while speaking at the opening of Morrison Records Bureau (MRB) operations in Accra.

    “We are in a new dawn and with Ghana leading the continent with its digitalization drive, more tech companies will set shop in Ghana and contribute to the country’s economic development,” he noted.

    “By using ultra-modern technology and software with minimal bugs, we will provide businesses and individuals with client-focused and result-driven services, meeting demands with a high level of integrity and professionalism,” Kwame Morrison explained.

    The Cybersecurity analyst further implored companies and businesses to take advantage of the first indigenous technology-driven background checking system.

    “We [MRB] aim to provide trusted technology-driven background check services to assist individuals and businesses. We have also followed all due processes and secured all prerequisite data protection clearance to run background check services in Ghana and other key markets on the continent.”

    Meanwhile, Dr. Jeff Bassey a Global HR practitioner and expert said the employment of deviant persons in any organisation must be critically checked else the institution will face the risk of being slapped with charges or questions of negligent hiring.

    “Normally, the perpetrator and the organisation are jointly liable in the evidence that the individual causes harm in any form. Many organisations have been slapped with liabilities in times past in decided cases both in Ghana and elsewhere.”

    “No organisation will want to pay huge compensations for negligent hiring and so it’s important that companies deploy the necessary background checks during recruitment,” Dr. Bassey added.

  • Incorporate cybersecurity best practices your everyday lives – CDS urges military officers

    Vice Admiral Seth Amoama, the Chief of Defence Staff, has urged officers in the Ghana Armed Forces (GAF) to exercise caution, take responsibility, and adopt cybersecurity best practices into their daily routines and online behavior.

    He claimed that for some time, cyberspace had been threatened by hacking, data leaks, social engineering techniques, and cyberfraud.

    He claimed that there had been a sharp increase in cybersecurity attacks recently, and the GAF was not exempt.

    Vice Admiral Amoama, therefore, said it had become imperative for the officers to enrich their knowledge in Cybersecurity to ensure force’s data was safe from attacks from both internal and external bad actors.

    He made the call in Accra yesterday during the launch of this year’s GAF Cybersecurity Awareness Month.

    The event was held on the theme “Regulating Cybersecurity: A Public-Private Sector Collaborative Approach.”

    Cybersecurity Awareness Month

    Ghana is one of the countries in the world that observe the month of October as National Cybersecurity Awareness Month.

    The month-long event seeks to intensify the capacity building and awareness creation efforts on cybersecurity, cybercrime, and educate citizens on the importance of good cyber hygiene and cyber best practices.

    This year’s occasion will comprise workshops, lectures, demonstrations and training sessions on essentials of cybersecurity and the implications of the use of the social media by all ranks within the GAF.

    Weakest link

    The CDS said new technology and system would incorporate cybersecurity to guarantee and ensure system integrity, resilience and robustness.

    However, he said research had established that the user, which is the human element, was the weakest link in computer security.

    He said people were known to be more vulnerable than computers and smart devices. Sequel to that, Vice Admiral Amoama said the issues of data protection, security of information, misuse of social media platforms, secret recording of confidential or sensitive events and their subsequent leakages to the media had become great concern to the military high command.

    To this end, I urge All Ranks to desist from unprofessional acts that seeks to tarnish the image of our noble profession.

    I have also directed that regular reminders of extracts on communications and information systems policy and cybersecurity titbits be published in the unit routine orders to guide all ranks on the use of the internet and social media engagements,” the CDS said.

    Ghana’s cybersecurity development

    On his part, the acting Director General of the National Cybersecurity Authority, Dr. Albert Antwi-Boasiako said Ghana’s cybersecurity development was rated at 32.6 per cent according to the Global Cybersecurity Index in 2017.

    As at the end of 2020, he said the country’s readiness level was rated at 86.69 per cent, thus, becoming the third highest ranked country in Africa after Tanzania and Mauritius and the 43rd ranked country in the world.

    He said authority, therefore, recognised the contribution of the GAF to that development and hoped to build upon that success through the work of the Joint Cybersecurity Committee which had three senior officers of the GAF representing.

  • Ransomware-style hacking campaign: Three Iranian hackers charged

    In what officials described as a “ransomware-style” cyber campaign, the US Justice Department on Wednesday unsealed a criminal indictment charging three Iranian nationals of hacking the networks of hundreds of victims in the US and abroad.

    Although the indictment does not allege the hackers acted on behalf of the Iranian government, U.S. law enforcement agencies released a joint advisory warning about “continued malicious cyber activity” by actors affiliated with Iran’s Islamic Revolutionary Guard Corps, while the Treasury Department blacklisted bitcoin addresses tied to two of the defendants.

    The cybersecurity advisory was issued jointly by U.S., Australian, British, and Canadian law enforcement agencies.

    In a video statement, FBI Director Christopher Wray said the advisory underscored the “broader threat” posed by Iranian cyber actors.

    “To these sorts of actors, nothing is off limits, not even, for example, Boston Children’s Hospital, which they set their sights on in the summer of 2021,” Wray said in a video statement.

    The three Iranian nationals — identified as Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari — are accused of carrying out “computer intrusions and ransomware-style extortion” between October 2020 and August 2022, according to a 30-page indictment unsealed Wednesday.

    The men remain at large and are believed to be in Iran, according to U.S. law enforcement officials.

    The State Department’s Rewards for Justice Program announced a reward of up to $10 million for information about the three.

    Although the charging document does not accuse the Iranian government of sponsoring their activity, the Treasury Department said in a statement that all three defendants were affiliated with the IRGC, a branch of the Iranian military that operates a number of cyber threat actors tracked by the FBI.

    “These IRGC-affiliated actors are actively targeting a broad range of entities across multiple U.S. critical infrastructure sectors, as well as organizations in Australia, Canada and the United Kingdom,” a senior FBI official said during a background call with reporters, speaking on condition of anonymity.

    This is not the first time Iranian hackers have been charged in a broad cybercrime conspiracy. But the indictment comes as the Biden administration has mounted a whole-of-government effort over the past year to combat what is widely seen as a growing threat to U.S. national security: cybercriminals targeting critical infrastructure and services in what are known as “ransomware attacks.”

    In a ransomware attack, cybercriminals encrypt a victim’s computer files and then demand payments in cryptocurrency in exchange for decrypting them.

    U.S. law enforcement officials described the Iranian campaign of hacking and extortion as a “ransom-related cyberattack.”

    Among the victims were a New Jersey township, two accounting firms, two power companies, a housing authority in Washington state, and a domestic violence shelter in Pennsylvania.

    Wray said many of the victims of the hacking campaign “offer critical services we all rely on every day.”

    “I’m talking about health care facilities, power companies, local governments in communities across the United States and around the globe,” he said.

    In some cases, the hackers demanded hundreds of thousands of dollars in payment, a Justice Department official said. Some victims made ransom payments. The domestic violence shelter paid $13,000 to restore access to its systems and data, according to the indictment.

    Law enforcement officials said the victims were “targets of opportunity,” identified because of vulnerabilities in their computer systems.

    In addition to targeting victims in the U.S., the hackers targeted companies and organizations in the United Kingdom, Iran, Israel, and Russia.

    “No form of cyberattack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to our national security,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey.

  • CSA urges Ghanaians to be cybersecurity conscious

    The country’s cybersecurity regulator, the Cyber Security Authority (CSA), has urged Ghanaians to be aware of cybersecurity issues in light of recent worldwide cyber incidents that have had a severe impact on people, businesses, and other essential information infrastructure.

    Speaking at the media launch of the National Cybersecurity Awareness Month in Accra on Wednesday, September 14, 2022, the acting Director General of the Authority, Dr. Albert Antwi-Boasiako, said with the advancement in modern technology and the wide use of the internet, cybercriminals have leveraged the benefits of the internet to carry out their activities more covertly, thereby causing harm to individuals and businesses in the cruellest manner.

    “While digitalisation is bringing remarkable economic and societal benefits to majority of the global population, it is worth noting that these technologies, irrespective of the opportunities they create, have inherent risks such that when taken advantage of by cybercriminals, could have detrimental effects on individuals, enterprises, societies, and nations at large.

    “Studies have shown that, an increasing reliance on the Internet has created more risks and vulnerabilities and opened up new possibilities for criminal activity. The Global Risks Reports 2022 indicates that cybersecurity threats are growing; malware and ransomware attacks increased by 358% and 435% respectively in 2020. The report also ranked cyber-attacks as the seventh most likely and eighth most impactful risk facing businesses globally,” Dr. Antwi-Boasiako said.


    He said the rise in cybercrimes globally has led the Authority to intensify public awareness and enhance public-private sector understanding of cybersecurity regulations, hence, the reason behind its National Cyber Security Awareness Month (NCSAM).

    The NCSAM, institutionalized in October 2018 is the leading event within the cybersecurity space that seeks to educate children, the public, businesses, and government stakeholders on cyber hygiene best practices.

    This year’s celebration, under the theme; “Regulating Cybersecurity: A Public-Private Sector Collaborative Approach” will help build synergies among all relevant stakeholders to ensure compliance with cybersecurity regulations.

    On her part, Deputy Minister for Communications and Digitalisation, Ama Pomaa Boateng said though government has put in place appropriate measures for the attainment of a reliable and robust digital economy, the digital space is still prone to varying cyberattacks which must be a concern for all. She said fighting cybercrime is a collective responsibility and that is why government is leading an all-hands-on-deck approach to combating the menace.

    Touching on the need for the public and private sector to collaborate on the fight, Chief Executive Officer of the Ghana Chamber of Telecommunications, Dr. Ing.  Kenneth Ashigbey, urged all stakeholders to participate fully in the month-long event. He said for the awareness programme to achieve its desired outcome, the public and private sector, faith-based organizations, Civil Society Organizations (CSOs) and the media should come on board and educate its members on cybersecurity.

    Source: citinewsroom

  • Become interested in cybersecurity to protect data – Expert to Ghanaians

    Universities in particular are being asked to show an interest in investing in cybersecurity and building capacity to defend their systems in light of the numerous data fraud and hacking events.

    Professor Goski Alabi, the president of Laweh University College, claims that cybercrime is still a problem for academic institutions and that addressing it will take a deliberate and coordinated effort.

    She cited how many colleges prioritize sextortion while discussing academic integrity.
    However, the example of people manipulating data through cybercrime is another problem that is stealthily destroying organizations.

    “Academic integrity and academic fraud are not only limited to Africa or Ghana – it is a global phenomenon; and what we are saying more and more has to do with concerns over sextortion, which is sex for grades.

    “But one of the biggest challenges academic institutions are facing globally has to do with cybercrimes, and I think it is important that we recognise this because it affects academic integrity. So there is a need to have more concerted and comprehensive approaches to addressing it,” she told the media.

    She added that given the existence of open universities like her institution, where learning online is mostly allowed, it has become vital to train staff against fraud.

    “We advocate that there should be continuous professional development as a requirement for every institution to train their Information Technology personnel as well as cybersecurity offices. Specifically, it has to do with data governance and information management systems that are in place and how the critical control points are managed within systems,” she indicated.

    Cyberattacks

    The World Economic Forum’s global cybersecurity outlook report indicates that cyberattacks increased 125 percent globally in 2021, with evidence suggesting an upward rise in 2022.

    Acting Principal Consultant at e-Crime Bureau, a leading cyber security, digital forensics and intelligence firm, Philip Debrah Danquah, reiterated that the country has made significant strides with its growth in cybersecurity and data protection by establishing the Data Protection Commission and the Cyber Security Authority.

    The country’s cybersecurity advancement, which was placed third in Africa by the Global Cybersecurity Index (GCI) of the International Telecommunication Union (ITU) in 2021, is proof of this, the speaker continued.

    To strengthen the business posture of institutions, he added, research and industry evaluations have indicated that despite the progress made, cyberattacks, fraud, phishing, data breaches, and sophisticated hacks necessitate skills able to detect, respond to, and prevent these gaps.

  • Ghana needs human capital investment in cybersecurity

    Ms Etti Berger, Chief Executive Officer of TripleP, an Israeli cybersecurity company, has underscored the need for a shift from acquisition of Information Technologies (IT) to human capital investment in cybersecurity.

    She said the country needed to appreciate and build capacities as it prepared with right strategies to deal with the risks of emerging technologies such as Artificial Intelligence (AI), especially when government was pursuing an agenda of digitalisation.

    “We need to build more skills as there is a lot of unfilled positions in the cyber security space and not many hands-on experienced people.

    “There are a lot of IT experienced people, and the natural step is to move them from IT to cyber,” she said.

    She made the remarks during an interview at the beginning of a three-day workshop on cybersecurity, organised by the Israeli Trade and Economic Mission to Ghana for heads of private and public institutions in the country.

    At the business level, Ms Berger said employers needed to be aware that the main threat to their organisations was internally posed by employees who may unconsciously compromise cybersecurity systems of the organisation.

    In that regard, she called for a regular training and sensitisation of employees on cyber threats to safeguard the organisations.

    Mrs Shlomit Sufa, the Israeli Ambassador to Ghana, said cyber-attacks were issues of great concern in most organisations the world over adding that, “asorganisations aim to reach various heights of digital transformation, they become more vulnerable to cyber-attacks.”

    She was hopeful that the workshop would lead to the establishment of good relations between players in both the Ghanaian and Israeli cyber ecosystem.

    Mr Michael Selassie Agbeko, a participant, who is a security officer, said security was paramount for his organisation that handled files and documents.

    The workshop, he said, would go a long way to improve knowledge and help him avert imminent cyber threats.

    Source: GNA

  • 3 Predictors of Cybersecurity Startup Success

    Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.

    Few aspects of the cybersecurity industry evoke more polarizing reactions than the use of venture capital to fund startups.

    On the one hand, startup founders seek the attention of investors with the ferocity of authors searching for publishers. Without investment capital, new companies cannot grow properly, especially if their technology requires a period of long stealth development in advance of any customer revenue.

    On the other hand, security practitioners tend to exhibit lukewarm, even hostile, emotions toward investors. This should not be surprising when one considers that venture capitalists might be viewed as growing rich by betting on technologies required to protect citizens and business from attacks.

    One fact that everyone agrees on, however, is the staggering growth of the aggregate investment being made in this segment. According to Statista, the size of the venture capital market for cybersecurity grew to over $21 billion USD, up from roughly $9 billion just one year before.

    Another fact everyone agrees on is the common interest held by investors, founders, and practitioners: Investments eventually lead to good solutions. Technologies being funded range from methods to rid the world of passwords to machine learning that predicts where the next threats will occur. Everyone benefits if these investments succeed because the risks of attack are increasing on a daily basis.

    The ongoing conflict in Ukraine, for example, introduces nation-state offensive cyber campaigns directed at business and civilian groups around the world — perhaps to target enemies, perhaps to just create chaos. New commercial security products and services will be necessary to mitigate this potentially hazardous and growing risk.

    My team has met with over 2,000 cybersecurity startups during the past few years, many of which are supported by venture capital. In the course of our work, we’ve come to recognize three primary factors that seem to correlate with commercial success in the cybersecurity marketplace.

    When I share my observations with venture capital teams, however, they often do not match up well with the typical investment evaluation formula. Most venture capital teams tend to obsess on factors such as aggregate market size for a given company, the problem being solved, the types of competitors that exist, and so on. While these are important issues, I do not think they are the primary drivers of success.

    Accordingly, below is a summary of the three factors that my team and I use in our work to advise security practitioners on which startups are worth considering for long-term partnership.

    Factor 1: Belief System
    When we ask a founding team what they believe and why they started their business, their answer is often wrapped in some muddled description of what they do. This vacuous and circular reasoning of starting a company “to stop threat X because the world needs to stop threat X” is insufficient to connect with customers at a visceral level.

    In contrast, consider the belief system of retired Army general Keith Alexander, co-founder of IronNet Cybersecurity, which recently completed a successful SPAC. If you ask founders such as Gen. Alexander why they started the company, they will point to their lifelong commitment to protecting their country, whether in uniform, on the physical battlefield, or across virtual networks.

    Such personal belief systems connect with buyers. In fact, a useful exercise for founders is to explain why they started their company without ever mentioning their product. It is a delightfully painful experience because it exposes the real purpose behind their company. Good luck to the startup that can only cite making money as its reason for being.

    Factor 2: Attention to Design
    When we ask a startup to describe their company, we usually see one of two approaches. On the one hand, a team will lead us into PowerPoint hell with chart after chart of buzzwords, disjointed clip art, and meaningless quotes. The platform diagrams in these presentations are usually haphazardly cut-and-pasted from the engineers, as if the technology is some afterthought.

    On the other hand, we sometimes find a startup that understands the value of design. In such cases, we see a carefully crafted story, developed from top to bottom with the combined inputs of the platform developers, marketing team, and leadership group. When done right, the only word that comes to mind is elegance. And it is not just the elegance of the technology but also of the overall story.

    Take SentinelOne, for example. When we first met this now-public company, we were struck by their attention to detail in explaining their behavioral analytics. This technique involves establishing which behaviors are considered normal and then sounding an alarm when something looks unusual. It was obvious to us that considerable time and effort had gone into developing their crisp messaging.

    And just like quality, design elegance in any solution (think Apple) is hard to define — but you certainly know it when you see it.

    Factor 3: Domain Knowledge
    Finally, we always ask founders to share their experience in the domain their new company addresses. The worst responses come from serial entrepreneurs hopping aboard the security bandwagon from some unrelated area. Cybersecurity is a complex arena, and poor domain knowledge will eventually catch up with inexperienced founding teams.

    The best responses come from startup leaders who have committed their lives to their chosen discipline. A favorite question we like to ask is whether a founder would continue doing what they are doing for free. Only a select group of founders can honestly answer yes to this question — and these are the ones to bet on.

    Consider Sanjay Beri, founder of Netskope; Nir Zuk, founder of Palo Alto Networks; and Ken Xie, founder of Fortinet. Each of these successful entrepreneurs would certainly continue doing exactly what they do now, even if they never earned another penny. Buyers connect with this type of domain passion, and investors should take this essential factor into full account.

     

    Source: Dark Reading