Why Uganda must strive to protect its cyberspace

On May 12, 2021, Uganda joined the rest of the world to commemorate the World Anti-Ransomware Day, which was created in 2020 to raise awareness against rising cyber-attacks.

In recent times, ransomware attacks have become more pronounced. One such attack occurred in the US in 2020 on SolarWinds, a company that produces a network and applications monitoring platform called Orion. Hackers compromised the company’s IT infrastructure and then using that access, produced and distributed trojanised updates to the software’s users.

Last month, fuel delivery in the south-east of the US was crippled for several days after a ransomware attack targeted the Colonial Pipeline. Investigators say the attack was linked to DarkSide, a group with ties to Russia.

Imminent threat
While such attacks appear a threat only to developing countries, it is important to note that developed countries are also gradually adopting IT systems in storage of important national records. Therefore, sooner than later, such cyber-attacks will be here in Uganda.

This means we need to understand what Ransomware means. Ransomware is simply the use of malware by an attacker to gain access to a system, encrypt your data and hold it hostage until payment is received.

Ransomware hacks the data and denies the users access to the files unless they pay ransom.

Ransomware has been able to gain such notoriety over the past few years because attackers take advantage of lack of limited knowledge of the practice by many IT professionals, especially in governments, poor integration of security solutions and insufficient automation of intelligence systems and poor funding of the IT sector.

For instance in Uganda, failure to harmonise data between government departments such as NIRA and URA can result into compromising of the information thereby crippling the economy.

For example, the breach of the police data system could lead to exposure of intelligence information, a scenario that would jeopardise national security.

The government and other private companies, especially those in the banking and telecommunication sectors, need to adopt good IT practices that will protect their data against ransomware.

 They need to recruit, train and retain cyber specialists. The government should work on a legal framework to make cyberspace a more secure and enjoyable experience for all.
 
The Uganda government needs to urgently ratify the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention). This will shows its commitment towards building a credible digital space for electronic transactions, personal data protection and combating cybercrime.

Artificial intelligence

The incorporation of artificial intelligence (AI) is another viable solution owing to the fact that the latter has the capability to tackle issues of false positives and laxity in threat intelligence. AI refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions.

The need for levelling the skills gap in cyber security will go a long way in supplying a cure to the growing vulnerabilities and online usage lifestyles that expose the systems of organisations to rogue actors.

Bottom line, ransomware is relenting and cyber attacks are increasing rapidly despite of the available security measures. It will take concerted efforts of both the authorities and the public to fight this vice.

Mr Raymond Amumpaire is a tech lawyer and digital rights activist