Implement measures to audit IT systems-NCSC boss advises
Internal auditors have been advised to adopt and implement the necessary measures to audit information technology (IT) systems as part of their organisation’s cybersecurity measures.
The Head of National Cyber Security Centre (NCSC), Dr Albert Antwi-Boasiako, who made the call, observed that in view of the current digitalisation of business processes, auditors need to develop the necessary competencies to conduct system-based audit as part of internal audit functions.
Advertisement
Dr Antwi-Boasiako said this at the Ghana 2021 Annual National Internal Audit & Governance Conference on June 9, held virtually in Accra.
He urged institutions to have procedures in place to examine the IT systems introduced into their operational environment and to verify that such systems are secured.
He added that they should also ensure that consultants they work with have not only the necessary skills but also integrity to protect their IT systems.
This advice was necessitated in view of reported cybersecurity incidents involving insiders and external consultants.
Read: ECG releases 3rd phase power outages schedule starting June 28
Cybersecurity development
The Head of the NCSC further noted that the state as the enabler of cybersecurity development was taking the necessary measures to ensure the safety of Ghana’s cyber ecosystem.
He mentioned that the institutionalisation of cybersecurity, the development and adoption of a National Cybersecurity Policy & Strategy and the passage of the Cybersecurity Act, 2020 (Act 1038) as the enabling pillars to improve the cybersecurity readiness of the country.
He added further that, according to the World Economic Forum, Global Risks Report 2020, cybercrime is expected to reach US$ 6 trillion in 2021.
The report further indicates that cyber-attacks on critical infrastructure rated the fifth top risk in 2020.
This development therefore calls for domestic and international corporation to ensure cybersecurity in the country especially as Ghana continues to rely on technologies that are produced or hosted in other jurisdictions.
Dr Antwi-Boasiako raised concerns about the impact of potential attack on the global IT supply chain on Ghana especially regarding critical information infrastructures in the banking, telecommunication, energy and the health sectors.
Read: Govt urged to restrict antimalarial drug import
Legislation
On efforts to ensure cybersecurity in the country, he said Ghana has enacted the necessary legislation in the form of the Cybersecurity Act 2020, Act 1038, which will establish the Cyber Security Authority, regulate cybersecurity activities and promote the development of cybersecurity in the country.
He stated further that the National Cybersecurity Policy and Strategy document is currently undergoing ministerial review before it is considered by Cabinet.
He assured participants that, the Minister for Communications & Digitalisation, who is responsible for cybersecurity in government, will soon outline a number of interventions to protect Ghana’s critical information infrastructures.
Dr Antwi-Boasiako indicated that the government has shown commitment in a number of ways towards improving Ghana’s cybersecurity readiness and anticipated that the newly established Cyber Security Authority will adopt an incentive-based regulatory approach to facilitate collaboration among relevant stakeholders – both governmental and non-governmental actors - regarding the implementation of the Cybersecurity Act.
