Dr Albert Antwi-Boasiako, the Head of the National Cyber Security Centre (NCSC), has advised Internal auditors to adopt and implement the necessary measures to audit IT systems as part of their organisation’s cybersecurity measures.
Dr Antwi-Boasiako said this in a presentation at the Ghana 2021 Annual National Internal Audit and Governance Conference held virtually in Accra.
Dr Antwi-Boasiako said given the current digitalisation of business processes; Auditors needed to develop the necessary competencies to conduct a system-based audit as part of internal audit functions.
Dr Antwi-Boasiako urged institutions to examine the Information Technology (IT) systems introduced into their operational environment and verify that such systems are secured.
He added that they should also ensure that consultants they work with have the integrity to protect their IT systems.
Reported cybersecurity incidents involving insiders and external consultants necessitated the advice.
The Head of the NCSC further informed participants that the State, as the enabler of cybersecurity development, was taking the necessary measures to ensure the safety of Ghana’s cyber ecosystem.
He mentioned the institutionalisation of cybersecurity, the development and adoption of a National Cybersecurity Policy and Strategy and the passage of the Cybersecurity Act, 2020 (Act 1038) as the enabling pillars to improve the cybersecurity readiness of the country.
He said according to the World Economic Forum, Global Risks Report 2020, cybercrime is expected to reach US$ 6 trillion in 2021.
The report further indicates that cyber-attacks on critical infrastructure are rated the fifth top risk in 2020.
Therefore, this development calls for domestic and international cooperation to ensure cybersecurity in the country, especially as Ghana relies on produced or hosted technologies in other jurisdictions.
Dr Antwi-Boasiako raised concerns about the impact of a potential attack on Ghana’s global IT supply chain Ghana regarding critical information infrastructures in the banking, telecommunication, energy and health sectors.
Commenting on efforts to ensure cybersecurity in the country, he said Ghana had enacted the necessary legislation in the form of the Cybersecurity Act 2020, Act 1038, which would establish the Cyber Security Authority, regulate cybersecurity activities and promote the development of cybersecurity in the country.
He said the National Cybersecurity Policy and Strategy document was currently undergoing ministerial review before consideration by Cabinet.
He assured participants that the Minister for Communications and Digitalisation, responsible for cybersecurity in the government’s institutions, would soon outline some interventions to protect Ghana’s critical information infrastructures.
Dr Antwi-Boasiako indicated that the Government had shown commitment in some ways towards improving Ghana’s cybersecurity readiness and anticipated that the newly established Cyber Security Authority would adopt an incentive-based regulatory approach to facilitate collaboration among relevant stakeholders – both governmental and non-governmental actors — regarding the implementation of the Cybersecurity Act.