2022 Welcome Package for Future/Aspiring Cybersecurity ProfessionalsCollins Mann
The writeup below is aimed at answering the following questions:
- What’s cybersecurity?
- What are some of the consequences of cyber insecurity in Uganda?
- What are the possible opportunities presented by cyber insecurity?
- How do we get ready to act as cybersecurity defenders?
According to ISACA, “Cyber” is derived from cybernetics, the study of communication and control systems in living beings and machines. “Cyber” can be added to (almost) any word to create an Internet reference (e.g., cybersecurity, cyberspace, cybercrime, cyberwar).
ISO/IEC 27032:2012 defines cybersecurity as the “preservation of confidentiality, integrity and availability of information in cyberspace.” Cyberspace is the interaction of people, software and services on the Internet. The term cybersecurity is an all-in-one term referring to the protection of the use of cyberspace from cyberattacks. Cyber attackers include organized cybercriminals, hacker entrepreneurs, malicious employees (insider threats), hacktivists (radical activists such as anonymous), nation-states, employees (unintentional), and third-party service providers among others.
As we go further into the issues surrounding cybersecurity, there is a need to know that the underlying problem that enables attackers to get into information systems is that systems have “a hard crunchy outside and a soft chewy centre.” If someone can penetrate the external barriers of physical perimeters walls with gates, guards and guns, firewalls and virus filters, he/she is free to roam around an organization’s IT environment. This calls for more skills in protecting the weakest points of information systems/networks.
According to ISACA’s State of Cyber Security 2017 report on data gathered globally, less than 46% of the participants indicated that their team could handle incidents that go beyond cybersecurity and with skills gap identified in understanding the business (52%), technical (25%) and communication (17%). The same report indicated that 53% of the enterprises experienced cyber-attacks in 2017 more than the previous years with the attackers being motivated by the financial gain (50%), disruption of service (45%), and theft of personally identifiable information/privacy (37%) and yet only 53% of the enterprises have formal processes to deal with ransomware which leaves a gap of 47%. These percentages show red flags of how cybersecurity will proliferate in the future. As more organizations invest in cybersecurity resources (like human resources and technology among others), there’s a need to assess the value for money. Organizations must be smart, strategic in pursuit of cyber talent. Thus governance (understanding of the business language) and technical skills on cyber incidents are critical to the management of cybersecurity.
Further, in the ISACA’s State of Cybersecurity 2021 study, it was indicated that despite the widespread economic damage resulting from the COVID-19 pandemic, the cybersecurity industry has remained relatively unscathed. The report cited the major challenges to be in people power and the skills gap, where finding qualified, well-rounded candidates and understaffed teams remain strongly correlated to an increasing number of cyberattacks. This challenge makes many cybersecurity roles remain unfilled. This sounds scary but the facts have to be brought to books with their face value. There is a need to invest in raising professionals and empowering future university graduates with necessary skills (like threat intelligence; tactical, operational and strategic intelligence) to counteract cyber insecurity.
In Uganda, a number of cyber-related incidents have recently been reported in media with some of the most recent ones being the case where the data of nearly 2,900 students/graduands was purportedly deleted from the university system by a former employee, Daily Monitor – online (August 2021). More attacks were also reported in February 2021 citing the most serious attacks in Uganda in the recent past year(s) being the mobile money heist, in which it is alleged that telecom companies and banks including MTN, Airtel, Stanbic and Bank of Africa were robbed of Shs7b. Daily Monitor continued to highlight that the investigations pointed to an organised network with assistance from staff from Pegasus Technologies, an aggregator.
Globally, organizations and governments have intensified their efforts to mitigate cybersecurity. For example, in March 2021, The Cyber Security Alliance-led Formation Project created an umbrella body (The UK Cyber Security Council) that will grow to champion cyber security education, training and skills development. This alliance attracted membership from renowned organizations like The International Information System Security Certification Consortium, ISACA, CompTIA, Chartered Institute of Information Security, etc.
Various attempts to fight cyber security have been ongoing in the country and mostly championed by the government of Uganda through its agencies like Uganda Police, National Information Technology Authority (NITA) and Uganda Communication Commission. This has been achieved through cybersecurity research and publication, awareness training, monitoring and control, setting standards and development of national cybersecurity infrastructure, among others.
Also, Kabale University in its attempt to fulfill the vision of nurturing “A sustainable vibrant Centre of excellence in teaching, learning, and research and community service in the Great Lakes Region and beyond”, the faculty of computing, library and information science structured excellent curricula for computer science and information technology programmes that tackle cybersecurity and information security, among many courses that prepare learners for the fourth industrial revolution (4.0IR).
Additionally, ISACA Kampala Chapter, through its various programs, has regularly added its voice to the efforts of the government agencies and Kabale University in protecting cyberspace through the continuous creation of awareness about cybersecurity and empowering leaders, managers, practitioners, and consultants with the necessary skills to deal with cyber incidents.
In conclusion, cyber insecurity is a current and future challenge as the number of organisations using information technology to support their processes is proliferating. This presents enormous opportunities for all aspiring cybersecurity professionals/enthusiasts both at a global and national level. The challenges are very many for us to solve alone and in 2022 and beyond you can make a healthy contribution by diving deep into the cybersecurity career. This is very possible if you pursue a diploma/bachelors program in computer science or information technology from Kabale University and any one of the cybersecurity-related certifications from ISACA.
NKAMWESIGA Nicholas, CISA®, CISM®