Introduction
The concept of a digital economy is an interesting one, as proponents believe it would enhance transparency and accountability as well as improve business processes and connectivity. This notwithstanding, there are inherent security challenges which would need to be assessed and addressed to ensure effectiveness, resilience and impact for good.
The digital economy has been defined by an Australian government website as: “The global network of economic and social activities that are enabled by information and communications technologies, such as the internet, mobile and sensor networks.’ This includes conducting communications, financial transactions, education, entertainment and business using computers, phones and other devices”[1].
The concept of the global economy continues to evolve given the new trends and developments in technological advancement. The concept has been understood to reflect the use of digital technology in production, marketing, trading, transportation, consumption and payment for goods and services.
It is thus the economic activity enabled by connections, of people, devices, systems and processes that engender transactions. These activities are essentially challenging traditional systems and ways of doing things, including traditional forms of security, diplomacy, defence and intelligence.
Importance of digital economies
The trend towards the creation of digital economies has engendered the development of systems and provision of services in ways that expand access to such services by the citizenry. In developing economies, this is even more crucial to bridging gaps between the educated and uneducated and providing access to services which were difficult to access, thereby excluding some individuals from mainstream economic activities.
The digital economy makes use of platforms for the provision of services and ensuring interconnectedness which is vital to its existence. For instance, in several developing economies such as Ghana, the introduction of mobile phones and mobile money services has brought on board many unbanked individuals onto mobile money platforms. This engendered inclusion in financial services provision for many people who had no bank accounts. On a global scale, there have been opportunities for inclusion and business development through digital platforms that were developed to provide services.
For instance, “Uber, the world’s largest taxi company, owns no vehicles. Facebook, the world’s most popular media owner, creates no content. Alibaba, the most valuable retailer, has no inventory. And Airbnb, the world’s largest accommodation provider, owns no real estate…”[2]
In Ghana, the development of the digital economy has found expression in the creation of a Ministry for Communications and Digitalisation as well as the creation of e-services meant to support the people. These include the following;
· e-Justice system; for the delivery of services relative to criminal justice administration,
· mobile money interoperability systems: a system which has integrated various mobile money payments with huge patronage among the unbanked population,
· e-Procurement system; for the delivery of public procurement services,
· digital property addressing system, which has enabled unique addresses to be generated for each household and landed property in Ghana;
· the paperless port system which has transformed customs and cargo handling and clearance at Ghana’s ports, and
· a national identity system which provides effective identifiable proof of citizenship and residency in Ghana.
While all of the above have provided significant improvement in doing business, challenges remain that need to be overcome to ensure the safety and security of the various platforms that exist.
The Security Challenges
The idea of developing systems and platforms which enable access to a national and global audience is in itself a challenge. Ensuring the security of data and information is a fundamental prerequisite to maintaining trust and system integrity. The security challenges for a digital economy include the following;
· People – people are central to the maintenance of systems and the smooth running of platforms that engender business integration and service provision. However, they are also one of its weakest links within the infrastructure for digital services. When they are compromised, it undermines system integrity and trust, thereby eroding the confidence and willingness of clients to do business using digital channels. Many examples of compromised systems exist to support this assertion. It has been asserted, for instance, that in some countries, the electronic scheduling for services such as passport provision is manipulated for the benefit of individuals working within that office.
· Storage of Data – Data storage remains one critical security challenge within and across digital systems and platforms. An overview of data centres in the world indicates a disproportionate number of such centres in Africa, with a huge collection in America and other advanced countries. In essence, the country that has control of the storage actually controls the data and in an era of artificial intelligence, data can easily be stolen and manipulated for evil.
Cybersecurity – The internet is a fundamental pillar of the digital economy and with increased connections is a key driver for economic activity and invariably, growth. However, this naturally opens it up for attacks. Cyber criminals consistently target activities online thereby making it more fragile with the need for secure systems.
Omar Abbosh and Kelly Bissell, Group CDO and Senior Managing Director, both at Accenture in their article Reinventing the Internet to Secure the Digital Economy, state that: “… The Internet is facing many challenges. Malicious cybercriminals threaten the security of the digital economy, which becomes more fragile with each attack. The Internet, which was once a tool for information sharing and communication, has grown increasingly complex, and new, digital innovations are outpacing the ability to keep it secure. Trust in our digital economy now hangs in the balance, putting significant value at risk”. [3].
It is, therefore, a matter of prime importance that nation-states take urgent steps to ensure protection and maximize benefits that occur from the spillover effects of the digital economy.
· State-sponsored attacks or espionage – cyber attacks from government actors seeking information and or undermining the integrity of systems and platforms are real threats today. There have been accusations by states that their enemies stole intelligence, and technology and disrupted supply chains in the past. More insidious is the attempt to turn the tide of events in elections using cyber-enabled attacks.
· Cyberwarfare
Cyber warfare is usually defined as a cyber attack or series of attacks that target the critical infrastructure of a country. It has the potential to wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to the state and even loss of life.[4] The issue with cyber warfare is that it can be perpetrated against a country from a location outside its borders at services and infrastructure. A typical example is the denial-of-service attack which was experienced by the Electricity Company of Ghana earlier in 2023, resulting in significant disruption in service and discomfort for customers. Other types include the following
o Espionage. This is the case where the secrets of a country, particularly economic and military secrets are stolen online.
o Sabotage. This is a deliberate attempt to undermine the operational integrity of critical systems and infrastructure
o Denial of Service Attacks – this targets interruption in the supply of key services such as the electricity case referred to earlier.
o Propaganda attacks
o Disruption of key economic activities
Given the challenges we face in this area, it is important that the following is done:
1. Ghana needs legislation which enforces international protocols and agreements around the world. This area is problematic as nation-states need to agree on transboundary activities that constitute crimes, what constitutes digital evidence and the fines that need to be imposed for digital crimes. Ghana has set a good example and has signed both the Malabo Convention and Budapest Convention, both of which deal with cybersecurity, but it is imperative that we encapsulate them in a local law that gives vent to the issues raised therein.
2. Ghana needs to enhance multilateral cooperation in cyberspace as a basis for building trust and diffusion of geopolitical tensions relative to cyber espionage and other related intelligence challenges.
3. Given the changes that are occurring due to the digital age, it is imperative that Ghana takes action to plan the workforce and develop them in sync with the requirements of a digital economy. A 2018 report from the World Economic Forum on the Future of Work outlines that public adoption of new technologies and existing labour laws will influence the rate at which digitalization will drive workforce transformation. Effective planning and training will engender the development of the right cyberculture and workforce for entrenching the benefits of digitalization.[5]
4. Ghana needs to resource its Cyber Security Authority to scale up its work to ensure the protection of its digital ecosystem.
Conclusion
Ghana’s cybersecurity journey has been, so far, an interesting one. Ghana is no different from many other countries within the Africa region. However, the efforts made, especially in the telecoms sector encouraged investment in technologies that have supported the provision of improved services – for instance internet, mobile money transfers among others.
Africa in general and Ghana in particular need to work expeditiously and in concert to achieve the full benefits of digitalisation. More importantly, the safeguards that are expected need to be put in place to ensure effective protection. Unless this is done, major successful attacks would undermine the confidence and trust in the digitalisation process and erode the gains already made.
Examples, where serious harm has been caused worldwide, are quite well known, for instance, the attack on the Iranian nuclear programme where the Stuxnet virus affected their systems and caused serious delays in their programme.
An overview of the challenges in Africa as indicated online showed the following[6];
· Although there is digital growth in Africa, measures for ensuring their security remain weak,
· Legislative measures for ensuring information security and a low level of awareness threaten gains.
· Africa’s low level of preparedness to counter cyberthreats costs the concerned countries on average 10% of their GDP.
· The banking and telecom sectors have been the key targets for cybercriminals.
· Attacks that seek to compromise Business Emails are the primary cyber threats to organizations and individuals.
· On underground forums, cybercriminals actively buy and sell access to the networks of major African organizations.
· Financial difficulties across Africa are pushing the younger generation to look for ways to earn money quickly; the increasingly low entry threshold for engaging in cybercrime makes this a tempting prospect.
The above calls for urgent action and it needs to start now with the CSA, Intelligence Services, the Judiciary, Banking and key government sectors. Digitalisation is good but it has inherent security challenges that require developing economies to be security conscious and get the populace and organisations to be cyber hygienic.
Source: Samuel Aning, CISA Associate
[5] World Economic Forum – The Future of Jobs Report 2018
