Cybercrime continues to affect all sectors of the business community in Ghana. Whilst big corporations have implemented essential cybersecurity measures, Small to Medium Enterprises (SMEs) which represent a significant portion of business in Ghana do not have adequate cybersecurity measures in place. This picture is no different from the global picture. For example, the Consumer News and Business Channel (CNBC) published a report on “Local businesses a target for next cyber-attacks” in October 2017. Their findings revealed that nearly 6 in 10 small businesses reported that they have experienced a cyberattack. A survey by Nationwide on small-business owners found only 13% of respondents believed they had experienced a cyberattack. However when these owners were given specific examples of attacks including phishing, viruses and ransomware, those reporting attacks increased to 58%.
The above findings explain the need for cybercrime awareness among businesses especially SMEs, to recognize the risks, identify the threats and take preventive measures to prevent cyber-attacks.
Even though all typologies of businesses suffer cyber-attacks, some sectors especially the financial sector suffer the most. According to Nippon
Telegraph and Telephone Corporation (NTT) 2018 report on “Global Threat Intelligence”, the top 5 industry sectors to suffer an increase in cyber-attacks since 2016 were finance, technology, professional services, manufacturing and retail. Of these, most crimes were executed by spyware, trojans and viruses.
In Ghana, the cybersecurity landscape has evolved dynamically. In a somewhat multifaceted occurrence, this has caused the unauthorized disclosure of a trove of personal and confidential information costing millions of cedis in financial losses. A survey by Better Business Bureau (BBB), indicates about a quarter of small-business respondents had not heard of phishing, a third had not heard of ransomware, and nearly half had not heard of point-of-sale malware. Meanwhile, Point-of Sale systems were involved in three-quarters of cyber-attacks involving the hotel and restaurant industry according to the BBB. Their survey showed that hackers mainly attack small businesses to gain access to data and information on customers and employees.
Evidence suggests small firms may not suffer a direct hit from cyber criminals’ but may be used indirectly to attack big corporates. This has proven to be quite an effective criminal tactic because of the delusion that their size keeps them safe.
As cybersecurity is the most prevalent risk issue faced by organizations worldwide today, there is therefore the need for the government to engage with the industry to mitigate the risk. This campaign focus area will be highly customized to address specific industry cybersecurity concerns. The NCSC will engage with business and industry groups and associations to implement the awareness campaign.