March 25th – A webinar aimed to enlighten attendees on the measures and policies necessary to secure our digital identities, as well as the essential considerations for the public and private sectors in the aftermath of the COVID-19 crisis. The expected outcome was to develop recommendations for both individuals and organizations to ensure digital safety, and to raise the policy questions necessary to mitigate cyber threats amid the global spike in the remote workforce due to COVID-19.
In the opening session, guest speaker Prof Sherif El-Kassas commented on some of the massive data breaches that have occurred in recent years, highlighting that supply chain attacks are currently the prevalent form of cyber threat. These statistics raise the question of trust and dependability in the cyberspace ecosystem. To analyse and address cyber threats, it's important to understand that cyber-attacks are not purely technical issues but socio-technical ones: they are not always caused by breaches in technical systems and infrastructure but can also result from misplaced trust by end-users. Prof Sherif referred to the Saltzer & Schroeder design principles, emphasizing that a critical look at them shows that most are not purely technical and that the best way to increase their efficiency is through constant oversight and scrutiny.
Trust between end-users and service providers can be a very complex issue when their security motives are diametrically opposed. Nonetheless, the best way to address the disconnect lies in constant oversight, regulation and effective liabilities, as exemplified by the EU's work on privacy protection with the GDPR.
Although the onus of securing digital identity lies mainly on device manufacturers and on the regulators that set the standards for best practice among vendors, it's imperative that we carry out end-user awareness schemes to inform people of ways to be more digitally safe and cyber vigilant. Cyber education needs to be included in basic educational institutions. In schools it needs to be a prerequisite, as most adopters of these new technologies are young people, and it is necessary that they are more knowledgeable about how to manage their digital identities properly and safely.
There is no one-size-fits-all policy to combat cybersecurity threats, so the more feasible approach would be to develop policy strategies tailored specifically to the industries that use and manage people's data online, be it the medical industry, the financial industry, government or the private sector. We also need to migrate from a single-system identity management approach, which can be easily targeted and breached, to self-sovereign identity practices where users have control over which aspects of their data and identity are accessed and by whom. To implement this structure, we would need to set down a framework and regulations that engender this architecture and are acceptable to vendors.
One of the major points of consensus on the growth in remote operation is that information zones are no longer compartmentalized but are instead connected in a mesh, through the number of devices holding and accessing critical information. This creates the need for a Zero Trust architecture, which attempts to build trust on each interaction between devices. This means that within each interaction between entities there is no room for assumptions about security risk and eligibility, so complete scrutiny and authentication are required for access to sensitive information at every level of interaction.
Although there is no guarantee of total security online, we need to strive as much as possible to be more aware and cyber conscious. The current cybersecurity landscape proves that we can't rely solely on passwords to secure our identities online, so we should employ multi-factor authentication techniques at all layers of access to crucial and important data online. Cybersecurity policies such as the GDPR and other privacy laws help to maintain some form of privacy for individual digital identity, but the major challenge facing such laws is enforcing them. African countries need to work together to ensure cross-border collaboration and jurisdictional prosecution of bad actors. Finally, enforcing prosecution of culprits would require access to the WHOIS database so that it is easier to carry out investigations.
The first edition of the AfICTA Quarterly series was very successful, with recommendations for more collaboration within the African community to engender cross-jurisdictional co-operation to prosecute bad actors. There is also a need for comprehensive integration of cyber education into basic education schemes. The next edition of the AfICTA webinar will be in the 2nd quarter (Q2) of 2021. The date will be announced in due time.