A discussion with Mustapha B. Mugisa, of mustaphabm3.sg-host.com.
1. How safe are businesses/individuals online?
Starting with businesses, their safety is guaranteed if and only if they are engaged and actively assessing and probing their infrastructure and systems for vulnerabilities in small time frames like once every 4 to 6 months due to the dynamic element of discovered vulnerabilities and bugs in systems and software.
Most of the leaders may not be paying attention to cyber security at all. When it comes to physical security, leaders are paying attention and you can see that in the presence of security guards, bio-metric access to key installations and CCTV cameras. However, when it comes to protecting core applications and data, the commitment in terms of resources is lacking.
For individuals, the basic security like encryption and forced updates are at least taken care of by the mobile vendors. But nothing is 100% impenetrable, when the attacker is motivated for money or otherwise. The safety and security again rely on the knowledge investment in security fundamentals, learning to be secure computer users as well as individual cyber hygiene like multifactor authentication, complex enough passwords and zero tolerance for password reuse. We don’t see concerted effort by government to create safety and privacy awareness training online. And it starts with a national curriculum update to include cyber security training since technology is the future.
2. Where are the gaps in the country as far as cyber security is concerned?
Gaps in information security in the country are due to ignorance of cyber security and the unwillingness to invest in cyber security by many, if not all, organizations whether in the private or public sector. This coupled with the lack of transparency and collaboration, zero information sharing between industries makes it nearly impossible to have a nation with functional cyber security policies and vision. You cannot solve a problem that you don’t understand well. We are also affected by a skills gap within the country. We do not possess enough cyber talent to counter the technical threats.
Some laws are letting the country down. The set up of a government agency to formulate cyber policies, regulate them, implement and supervise them has proved not effective. This agency needs unbundling so that there is clear focus.
Also read: Your on-line activity: The Emperor Has No Clothes!
3. How best can they be closed?
We can close these gaps by:
- Collaboration between industries and sectors to share current threat information or discovered attacker tactics, techniques and procedures
- Integrating security into the education systems and making skill building easier and attainable
- Organizations should invest into creating security teams by training the available teams at their disposal. Summit Consulting Ltd’s institute of forensics and cyber security has top notch training covering most fields of information security.
4. Does Uganda has any professional in the field? If now, how best can we build the skills?
The skills gap and technical debt are a very big distance apart.
Uganda possesses very few professionals and cyber security is not a first-class citizen in the country. These few skilled personnel end up being siloed and isolated. Organizations cannot employ them due to lack of a standard screening process of what to look out for in a cyber security engineering candidate. Many people have been trained in cyber security but not educated. You can train a dog to know the smell of the owner and bark at strangers. But you cannot educate a dog not to bark at someone sent by the owner! That is the difference in skillsets in the country. So many people with certificates, but few with clarity of
Meetups, National Competitions, Conferences and Academic syllabus inclusion and focus on cyber security will take us a long way into bridging the gap.
5. Any other information
There is always a lot of interesting elements to talk about when it comes to information security. You should start by attending our upcoming security conference in October 2019, visit www.forensicsinstitute.org/csrm to register, come to our facilities in Ntinda and explore our approach to tackling cyber security as well as attend our trainings. Seeing is believing.