Almost a year ago, hackers targeted a third-party technology company and stole billions of shillings from mobile money service providers and digital payment systems. Reports in the media indicate telecoms and banks that used Pegasus Technologies as a transaction aggregator at the time fell victim to the hack.
In a joint statement, three major players, MTN Uganda, Airtel Uganda and Stanbic Bank revealed that a system incident in which hackers had accessed systems of Pegasus Technologies had impacted all bank to mobile money transactions.
Police later launched investigations into the hack to establish the extent of the theft that was believed to involve a number of other companies. On the other hand, the battle between police, private sector, public sector and criminals operating in the cyberspace has been raging for years now. But, the tide has continued to rise.
In the Annual Crime Police Report for 2020, a total of 256 cases were reported during the period under review compared to 248 cases reported in 2020, giving a 3.2 per cent increase. Cybercrimes led to a loss of Shs15,949,236,000 in 2020 in which Shs7,720,000 was recovered. Electronic fraud accounted for 59 cases, obtaining money by false pretense, 38 cases, unauthorized access, 24 cases, threatening violence, 22 cases, theft, 12, while defamation and money laundering accounted for 20 and 14 cases respectively among other cyber-crimes.
By the end of 2020, 193 cases were still under inquiry, 24 cases were taken to court, nine cases secured convictions, one case was acquitted, six cases were dismissed and 18 cases were still pending in court.
Most recently, the leakage and circulation of unauthorized information into the public realm has become the face of cybercrime, and yet that is only the tip of the iceberg of a mammoth problem.
The truth is that the growing internet penetration and increasing use of digital platforms to conduct business, communicate and enable access to essential services has left Ugandans vulnerable to an equally growing criminal network.
Cybercrime, sometimes called e-crime, is the type of crime committed through communication technology. Uganda Police Force says the crimes are committed using computer systems and networks that facilitate the omission or commission of offences. The most common include phishing scams, internet fraud, online intellectual property infringements, identity theft, online harassment and cyberstalking.
Leading the efforts to reinforce cybersecurity is the National Information Technology Authority Uganda (NITA-U) whose mandate is to coordinate and regulate Information Technology (IT) services in Uganda.
In June 2021, NITA-U launched a Cybersecurity Awareness Campaign dubbed “Be Safe Online.” The campaign focused on increasing public awareness and vigilance about the day-to-day cyber threats.
To further contribute to proactive measures, NITA-U put in place the Uganda National Computer Emergency Response Team and Coordination Center. This is to help in the effective analysis and response to cyber threats for better protection of Uganda’s critical digital infrastructure and the availability of dependent services and support provided to the government agencies, citizens and businesses.
At the launch of the campaign, the NITA-U Executive Director Hatwib Mugasa said the ever-increasing number of internet users necessitates raising awareness about cyber-related threats. He also spoke to the need to empower Ugandan citizens with the knowledge and sense of shared responsibility to practice safe and informed decisions while using the internet.
As the public sector grapples with the problem of cybersecurity threats, there are private sector companies fostering online safety. Milima Technologies, a cybersecurity firm, is working with various entities in the Private and Public Sector to strengthen their digital security systems. Chief Executive Officer of Milima Technologies Emmanuel Chagara is a computer engineer with 11 years of experience in Cyber Security. In his position, he hopes to save businesses from paying the hefty cost of security breaches through preventative measures.
“It takes an average of 200 days for an organisation to detect a breach in their security. A lot of people have a false sense of security where they believe that just because they are not seeing visible signs of hacking, it means that their security systems are safe. There are scenarios where hackers break into systems and do “nothing” for a while and instead observe how the system works, study the movement of money before they take over it,” Chagara says before adding that just because a big problem has not happened, it doesn’t mean that there is no problem.
To borrow from its operations, Milima Technologies carries out routine cyber checks for the organisation to detect any existing problems in its security systems, assesses security strategies, reviews the company cyber policies, reviews its risk compliance and assesses the effectiveness of existing security frameworks.
Because most Cyber risks are self-imposed, Chagara says emphasis must be placed on audit activities that help to assess the strength of technologies, the choice of technologies and the expertise of the IT teams.
The step towards cyber vigilance begins with a mindset change according to experts. In Chagara’s experience, for many organisations, cybersecurity is an afterthought in light of a problem that has occurred. Before businesses experience a cybersecurity problem, they thrive on hope and yet hope is never a strategy.
With remote work happening at higher rates than ever, cybersecurity of companies relies on individual vigilance.
“Not all hackers are targeting money, sometimes they need to use one system as a ground zero from which to commit cybercrimes that eventually cost the person in terms of lawsuits. This means that having no vivid sign of a cyber breach should not be taken to mean there is no breach. Preventative measures should always be in place,” Chagara says.
About 45 per cent of cyber crimes are experienced by small businesses according to a 2020 Cybersecurity report from Verizon, experts say it is imperative for businesses to exercise cyber hygiene through best practices including the use of strong passwords, restraint from clicking on random links and the use of multi-factor authentication.
“If you have a simple policy like having a strong password and one of your staff has a password like, “ABC123” it means that your security is compromised by this one person,” Chagara explains.
In their advocacy, Milima is also focusing on building the capacity of experts in cybersecurity. In 2018 and 2019, Milima Cyber Academy held its training with the community of entrepreneurs innovating around technology. Solomon Opio, The Innovation Village Technology Community Manager says though training has been on hold, the Tech and Data team at The Innovation Village is carrying out surveys and laying the groundwork for cybersecurity courses.
“Many young people within our Tech Community who are starting out in the field are interested in exploring the field of Cybersecurity because it’s an emerging field with many opportunities,” Opio explains.
In the next year, Opio says that cybersecurity training will be offered to further enrich and expand on the skillset of young people in the tech field. As innovators come up with new ideas to solve our communities’ most pressing problems using technology, criminals are getting creative on the web too. With the increase of cybersecurity professionals and individual vigilance, innovators, businesses and individuals can reap the benefits of the digital revolution without being placed at risk.