Pay attention to cyber security

Financial innovations have tremendously reformed the global financial sector from automated teller machines ( ATMs) to mobile and online banking. However, criminals find opportunity in ignorance and vulnerabilities of emerging technologies to foster their gain.

Cyber fraud, a deception performed to secure an unfair or unlawful gain over computer networks or any other communication medium, poses a significant problem to society, with a successful attack having far-reaching implications such as financial losses, loss of consumer confidence, trust and erosion of digital data.

The rate of cyber fraud in Uganda’s financial institutions, for example, is on the increase, with damage estimated at billions of shillings per year.

 In 2020 alone, the police report estimates the losses from attacks like the Pegasus technologies incident in the upwards of Shs11 billion.

 The internet also affords rogue cyber actors a platform to ply their trade behind digital anonymity through social engineering. This results in challenges to law enforcement agencies due to the cost and complexity of investigations because they occur in a virtual environment, across multiple (often international) jurisdictions, and are hardly reported.

As a way forward, cyber security should be given a lot of attention because attackers also exploit vulnerabilities in particular operating systems. This goes a long way in securing systems across the threat landscape.

Ugandans have got to be security conscious, something that compliments the efforts of the authorities and the existing legal regime. A war against misinformation is long overdue because false information campaigns encourage perpetration of cyber fraud.

Additionally,  attention should be paid to insider threats such as employees who may unknowingly volunteer access to the systems of these organisations.

Awareness at critical levels enables and promotes the identification and reporting of cyber fraud attacks. Improvement and imparting of key procedural knowledge in electronic forensics/investigation and evidence.

Organisations need to employ security firms and increase budgeting towards bolstering the protection from these rogue agents.

These dictate trusting nothing and verifying everything in a bid to forge an end to cyber fraud for physical and network access. Users and system administrators should establish multi-factor authentication for access processes.

Institutions should ensure threat intelligence adoption to study false and true flags. This is because a phishing campaign looks legitimate when it starts, and the next thing, information, and credentials have been harvested, resulting in losses for the victim organization.

Conducting security audits helps determine the security status of an organisation, as they highlight current and potential weaknesses.

Strengthening the legislative framework pertaining to such forms of cybercrime because, despite all these efforts, the legal framework to facilitate the full enjoyment of ICT is non comprehensive, overly vague, and broad in context.

There is a need to re-evaluate the efficiency of such and other laws insofar as cyber fraud is concerned. Parliament should adjust the legal framework for an efficient reaction to cyber fraud.

Cyber fraud is a critical threat to all sectors of our economy. Only a swift, concerted effort can get us far.

Mr  Raymond Amumpaire is a tech lawyer and advocate for tech-knowledge. [email protected]