Government has the key responsibility to maintain the security of Ghana’s critical infrastructures, internet services and the entire digital ecosystem. Government senior executive must buy into cybersecurity and its funding; technical personnel must understand the threats at the technical level and how to mitigate the risks; government employees who are the end users must also understand the threats of their actions and how their inaction could open them up to cyber-attacks. An integrated approach must be used in creating awareness on cybersecurity in the Government sector.
It is easy to perceive that cybersecurity incidents are on the increase and government will remain a prime target. A report on cyber-attacks directed against the U.S. government in Fiscal Year 2017 by attack vector revealed that the U.S. government encountered 7,328 e-mail or phishing attacks, 4,049 web attacks and 4,395 loss or theft of equipment. In Ghana, cyber-attacks such as , phishing, and website defacement, have been encountered by some government agencies. It is therefore imperative that awareness is created at all levels in government; senior level (including public officials and civil servants), technical (IT) personnel, and government employees (end users).
Government should be able to build and implement resilient systems that have less vulnerabilities. Report from Shadow Servers reveals Ghana’s cybersecurity vulnerabilities over the last weeks in the figure below;
The top three incidents per the report showed an abuse of Internet Protocol (IP) space, improper configurations of network infrastructure leading to botnets and irregular time synchronization of network systems within organizations. It is important that government implement systems to identify and patch known vulnerabilities to have dependable systems. These technical measures require awareness on cybersecurity risks in government as it will also facilitate relevant funding required to implement such technical remediation measures.
Cybersecurity awareness in government is particularly important because the government is the biggest data controller of the citizens personal
information. There are also sensitive government data which ought to be protected from both internal and external malicious actors. Awareness
creation will lead to better appreciation of the risks and it is expected to positively impact on user behavior towards a responsible cyber culture in government. Consequently, awareness campaign programme will be initiated to provide adequate support for government officials. The awareness programme for Senior & Executive Officials will be dubbed Government Cybersecurity Leaders Awareness Programme; Technical Officials programme will be dubbed Government Cybersecurity Champions Awareness Programme; and Government Employee’s program will be Government Cyber Hygiene Programme. Through these programmes, the capacity of government and public officials will be built to ensure that all government employees adhere to government cybersecurity guidelines.