These days, cyber security is becoming a matter of national survival and securing national development. Services are growingly dependent to the cyber technology and the sector is prone to cybercrimes. Parallel to the development of the cyber technology, cyber-attacks are becoming sophisticating. Even, cyber warfare is becoming a new battlefield within countries. Due to this reason, countries are investing in securing their cyber space.
According to international reports, the world economy loses over 5.6 trillion USD due to cybercrime in 2022. During the year, it was reported that over 422 million individuals were impacted by the cyber-attacks. An assessment on different companies in the world held in 2022 revealed that 45% of companies were attacked by one up to five successful cyber-attack crimes in a year.
Cyber-crimes are growing and increasingly sophisticating. Experts in the sector predicted that, based on the current trend, the world may lose over eight trillion USD from cyber-crimes in 2023. Cybercrime, compared to other parts of the world, is higher in Africa. Annually, African financial institutions are losing over 3.5 billion USD due to cyber-attacks and Africa takes up to10% share of the world’s financial loss due to cybercrimes.
As part of the cyber space, Ethiopia is not an exception in this regard, though striving to combat cyber related crimes. In 2021/22 budget year, over 8,900 cyber-attack attempts were reported in Ethiopia, according to a data from Information Network Security Administration (INSA), though INSA controlled majority of the attack attempts. Meanwhile, INSA reported this week that in 2022/23 budget year (2015 E.C), 6,659 cyber-attack attempts registered in Ethiopia, from internal and external sources.
INSA Director-General, Solomon Soka said during a press briefing on annual performance that from the 6,659 cyber-attack attempts of the year, INSA successfully responded to the 6,768 attack attempts, which is over 96% of the total attempts. “Responding to over 96% of cyber-attack attempts by own capacity is a great achievement and shows the capacity and readiness of our cyber soldiers,” Solomon stated.
According to the Director General, compared to the last budget year, the number of cyber-attack attempt has decreased in number. But, the number of high risk attack attempts shows high increment. From the cyber-attacks, website attack takes the lion share as over 2,554 attack attempts were website attacks which take 36.7% of the total share of the budget year’s cyber-attacks. Distributed denial of services attack ranked second with 1,493 attack attempts while malware attacks were 1,295, INSA reported.
“From the total attack attempts, 39% of them are very high risk, 37 % high risk and 24% medium risk attacks,” Solomon stated adding that “though the number of attacks decreases from last year, this year’s attack attempts are highly dangerous.”
The motives behind the attack attempts, according to Solomon, are creating social, political, financial, military and economic crises in Ethiopia. In addition, curiosity, for fame and revenge are among the motives behind the cyber-attack attempts based on the experts’ analysis.
INSA is working to secure Ethiopia’s cyber sovereignty by implementing cyber governance system at national level. As a national institution responsible to follow, govern and administer Ethiopia’s cyber space, INSA is working on identifying cyber-security vulnerability, cyber threat assessment and controlling import, export and disposal of communication and technology products.
Cyber threat assessment helps institutions to identify the threats and the gaps in their cyber usage. The cyber threat assessment aims to strengthen the cyber security of institutions and to make ready to respond attacks before it happens. In this regard, INSA during the budget year conducted cyber threat assessment on 123 government and private institutions, according to the annual report. 64 of the intuitions were governmental while 59 of institutions conducted cyber threat assessment were private.
The cyber threat assessment focuses on key governmental and private institutions which own sensitive infrastructures. This includes, key government offices, media houses, higher education institutions, health centers, financial institutions, regional offices and others. The assessment evaluates the available technology of the institutions, the capacity of cyber security experts within the institutions and the overall cyber governance system of the institutions. “It is an audit and evaluation of the overall cyber administration of the institutions to identify the level of the companies’ readiness to respond to cyber-attacks and identify major attack threats,” Solomon said.
“During the budget year, by assessing 204 different technologies within 123 institutions, INSA identified 652 gaps in the institutions,” INSA Director General reiterated. He added that the identified gaps were 94 in websites, in 49 mobile applications, 36 in networking infrastructure and 25 in compliance. Immediate measure was taken to solve the security gaps following the assessment with the support of INSA cyber experts that helps the institutions to minimize the vulnerability to cybercrimes by securing the cyber infrastructure.
As part of its responsibility to secure the national cyber sovereignty, INSA also controls communication and electronic devices. The controlling of communication devices includes checking during import, export and disposing communication technology products. In this regard, during the budget year, INSA received over 4,336 different products license request for importing, exporting and disposal during the year. From these communications technology products, after assessing the security issue of the items, 583 of the requested communication technology devices was refused to import to Ethiopia as they fail to meet the security standard.
INSA builds anti cyber-attack army and software to secure the country’s cyber infrastructure. It gives due focus on assessing vulnerability of the country’s infrastructure to make the cyber infrastructure secure and safe. “Cyber security professionals within INSA are doing great achievements in minimizing vulnerability of the cyber infrastructure,” Solomon further noted.
As to him INSA has upgraded itself, both in technology and capable human resource, in fighting cyber-attacks. Anti-virus and anti-spy software and hardware developments, human capacity developments, and inspections are being upgraded so as to strengthen the security of Ethiopia’s cyber sovereignty.
This time, the global competition is seemingly relayed on technological invention and ownership. “No one is willing to share or sell security tools. So, we are upgrading ourselves in parallel with global trends,” Solomon underlined adding that “during the fiscal year, some 23.2 billion Birr has been saved from attackers’ threat. The cyber army is armed with own technological tools.”
INSA is striving to substitute all security technologies with domestic products. So far, some security tools have already been developed and get operational. The Ethiopian information intelligence is emerging as one of known developing cyber defender. To make it more intelligent, hardware including computer and mobile boards are being manufactured domestically. “Next year, INSA will own its own tablets and cellphones,” he restated. Beyond defending, the response capacity needs more development. Accordingly, INSA experts have been working inspiringly and successfully respond to 96.03 percent of attacks committed during the year.
Investing in inventing domestic technologies and building the capacity of cyber professionals would help countries to minimize cyber-attacks, though it is difficult to control it fully as it stands. Cybercrime remains a serious problem both for the developing and the developed world, though the developing countries are more vulnerable to the cybercrimes as they are using products owned by external companies. In addition, the number of trained and capable cyber professionals is limited, though institutions are connected to the cyber space.
INSA is working to secure Ethiopia’s cyber infrastructure and is increasingly developing its capacity. But, to make every institution safe and secure from cyber-attacks and to properly apply all necessary cyber security measures, it is important to support institutions to develop the capacity of their cyber professionals. Increasing the number of professionals in the sector is critical to manage the cyber sector, in parallel to giving to technological innovations at home.
BY DARGIE KAHSAY
THE ETHIOPIAN HERALD FRIDAY 28 JULY 2023
