In a pivotal move towards enhancing cybersecurity in West Africa, the Cybersecurity working group, co-chaired by AMRTP-Mali and NCA-Ghana, of the West African Telecommunication Regulators Assembly (WATRA) convened its first face-to-face working group meeting in Banjul, The Gambia.
Hosted by The Gambia’s Public Utilities Regulatory Authority (PURA), the meeting brought together key representatives from regulatory bodies across the region to address the growing threats of cyberattacks and chart a collective path forward.
This gathering, which followed a resolution from WATRA’s 21st Annual General Meeting, aimed to strengthen collaboration among member states and share insights on managing digital transformation and cybersecurity challenges in the region.
Representatives from the National Regulatory Authorities of several West African countries, including Benin, Côte d’Ivoire, Ghana, Guinea, and Togo participated at the event.
A key highlight was the presentation by the National Communications Authority (NCA) of Ghana, which shared insights from Interpol’s October 2021 Cyber Threat Assessment Report.
The presentation underscored the growing cybersecurity threats in Africa, where 38% of the population was online in 2021, yet over 90% of businesses lacked essential cybersecurity protocols.
The report spotlighted the alarming rise in cyberattacks, including a 238% increase in attacks on online banking platforms in 2020 and the fact that 60% of the world’s Business Email Compromise (BEC) actors are based in Africa, primarily in Nigeria. Additionally, the average ransomware payout in Africa soared to over $300,000 in 2021.
The discussions that followed NCA’s presentation revealed several challenges confronting the region, including the lack of harmonized cybersecurity laws, insufficient infrastructure, a shortage of skilled human resources, and a lack of funding.
The participants emphasized the need for stronger collaboration between member states to combat cyber threats such as ransomware, online scams, and business email compromise.
Complementing the cybersecurity discussion, the International Telecommunication Union (ITU) presented crucial initiatives to strengthen the security of Digital Financial Services (DFS) in Africa, highlighting ongoing efforts such as DFS Security Clinics for knowledge sharing and the establishment of DFS Security Labs in countries like Tanzania, Uganda, and Peru.
ITU’s guidance includes conducting audits on mobile payment apps and SIM cards in multiple countries and fostering collaboration through a Knowledge Sharing Platform for DFS security.
Additionally, the ITU introduced its Cyber Security Resilience Assessment Toolkit to help regulators and operators safeguard critical DFS infrastructure.
Key recommendations from the ITU included mitigating vulnerabilities in the SS7 mobile communication network, developing a Model Memorandum of Understanding between telecommunications regulators and central banks, and securing mobile payment apps and SIM card systems against risks like SIM swap fraud.
Participants at the conference underscored the need for enhanced regional collaboration and knowledge-sharing initiatives to tackle the rising cybersecurity and DFS threats in Africa’s digital ecosystems.
Key priorities identified for the sub-region included the development of cybersecurity guidelines, the protection of consumers of electronic communication services, and the engagement of political leadership to strengthen cybersecurity frameworks. Furthermore, participants acknowledged the necessity of securing telecommunications networks and the importance of subscriber identification to curb cybercrime.
The meeting concluded with a consensus to adopt existing cybersecurity frameworks and standards, rather than creating new ones, and to tailor them to suit the maturity levels of individual countries.
A comprehensive benchmarking exercise will be conducted to analyze best practices and guide the region’s cybersecurity efforts.
In addition to the focus on general cybersecurity, the meeting addressed the growing security challenges posed by mobile devices and the Internet of Things (IoT).
Statistics showed that 90% of organizations in the region had reported at least one cyber incident, underscoring the need for robust security testing. WATRA will develop security testing guidelines for mobile and IoT devices, ensuring that all equipment meets safety standards and is free from vulnerabilities.
The event also featured a presentation by the regulatory authority of Togo on Risk Assessment and Threat Analysis, which highlighted the need for a comprehensive approach to cybersecurity.
The presentation underscored the importance of mapping cyber threats and implementing monitoring mechanisms to mitigate potential risks.
The working group sessions in Banjul emphasized the importance of cybersecurity for West Africa’s digital future, and participants demonstrated their commitment to strengthening national and regional capabilities.
The meeting concluded with a set of recommendations, including the creation of sector-specific Computer Emergency Response Teams (CERTs) for telecommunications, the development of security incident response plans, and the adoption of international standards for managing cyber threats.
As the digital landscape in West Africa continues to evolve, WATRA ’s ongoing efforts to bolster cybersecurity frameworks will be critical to ensuring a secure and resilient cyberspace for all.
Comments 1