In a Resolution, following the Joy News-Youth Bridge Foundation National dialogue on Cybersecurity, participants have charged the Cyber Security Authority (CSA) to expedite action on the development of the needed Legislative Instrument to provide the operational backing for the implementation and enforcement of the provisions of the Cybersecurity Act, 2020 (1038).

The Resolution further acknowledged that the prevention of cyber-attacks and the increase in our nation’s resilience to cyber threats is a shared responsibility requiring multi-stakeholder collaboration and partnerships.

Cyber security expert Kwame Oduro Numapau, for instance, stressed the importance of consulting with security professionals when initiating any cyber project.

According to him, "As we build technologies, there will be loopholes here and there. That's why when designing any project, you need to involve cybersecurity experts right from the get-go. You don't go through the entire process of gathering requirements, designing, and developing before engaging them. It starts from the very beginning. When you have business discussions, then you can start building something."

The National Dialogue on Cybersecurity, held with the support of the CSA, ECOBANK, HYDRA Cyber Security Services, and Ghana Enterprise Association (GEA) had the focus of identifying ways of protecting citizens from cyber vulnerability.

With rapid advancements in technology come a myriad of cybersecurity issues of hacking, data and system breaches, and denial of service attacks, and therefore the significance of cybersecurity laws in an era such as this cannot be underestimated.

Acknowledging the risk and level of exposure of the business community, Chief Executive Officer of the Ghana Enterprise Association (GEA), Kosi Yankey for instance, said the GEA in a proactive measure to ameliorate the vulnerabilities of Small and Medium Scale Enterprise, has conducted training programs for MSMEs to safeguard them against cyber vulnerabilities.

She noted, “One of the things we did was to bring on board training programmes to educate MSMEs on where these cyber vulnerabilities would come from. Besides going online to sell or utilise tools to strengthen your institution, you also have to be careful about which people you are accepting online."

Governments everywhere are placing a high priority on the creation and enforcement of strong cybersecurity rules and regulations as they realise how important it is to protect sensitive data and digital infrastructure.

Continental frameworks such as the AU Cybersecurity Protocol, African Charter on Democracy, Elections and Governance (ACDEG), and ECOWAS Regional Cybersecurity and Cybercrime Strategy all provide laid down procedures and protocols to handle cybersecurity issues within the sub-region.

In Ghana, the CSA Act 2020 (1038) that established the CSA provides the framework to guide cybersecurity activities. Cyber threats present serious concerns to people, companies, and governments alike. They can take many different forms, from ransomware attacks and data breaches to state-sponsored espionage.

These threats are ever-changing; they are getting more sophisticated and widespread every day.

In response to this escalating threat landscape, governments all over the world are taking proactive measures to strengthen their cybersecurity position.

A key component of these initiatives is the creation of extensive legal frameworks intended to improve cybersecurity resilience, ease information sharing, and discourage malicious cyber activity. Aside from the growing cybersecurity economy, the youth are motivated to take advantage of cybersecurity gaps for exploitation.

Lead of the Computer Emergency Response Team at the Cyber Security Authority (CSA), Stephen Cudjoe-Seshie, in response to that, said the Authority had developed a comprehensive best practices document aimed at safeguarding citizens. 

According to him, “One of the initial steps we've taken is to develop a CII directive. Essentially, this document contains baseline best practices that would ensure a certain level of robust protection. Organisations must identify it and formulate a policy around it. This policy should not merely be a document written and stored somewhere, but rather something that is endorsed by the senior leadership of the organisation."

Applauding the Cyber Security Authority for setting up the platform on the short code 292 for the public to report cyberspace incidents and cybercrimes and receive support, participants were convinced CSA needed supplementary legal backing in the form of the Legislative Instrument to regulate cyberspace and all associated issues that may arise.

In reference to this, the Executive of the National Identification Authority (NIA), Professor Kenneth Agyemang Attafuah, argued that the education of citizens plays a critical role in the realisation of that objective.

Using the Ghana Card as an example, Prof Agyemang Attafuah emphasised: "We need to enhance citizen education regarding the Ghana Card itself. When you lose your Ghana card, you must report it to the police, similar to losing a passport. The purpose of this is to ensure that appropriate action is taken promptly. Finally, constant reliance on biometric verification is what we should prioritise, rather than visual or ocular inspection."

Proposing the use of local or home-grown solutions to sanitize cyberspace, participants further called for local and international partnerships as well as funding for research and development to fully realise this expedition and the legislative instrument development processes.

They said ultimately, a comprehensive cybersecurity legislative framework encompasses safeguarding our digital infrastructure and building public trust and that when citizens feel confident that their data is protected, they are more likely to embrace the opportunities offered by the digital landscape.