CTO Fellowship Report Presentation - Lusungu Mkandawire
-
Upload
lusungu-mkandawire-cisacismcgeitcpfprince2 -
Category
Documents
-
view
25 -
download
2
Transcript of CTO Fellowship Report Presentation - Lusungu Mkandawire
Good practices for combating Cybercrime in Malawi
London, UK
15 December 2016
Lusungu Mkandawire
Information Security Manager
Airtel
Outline
• Overview of the assignment
• Good Practices for combating Cybercrime
• Cybercrime landscape of Malawi
• Commonly perpetrated cybercrimes in Malawi
• Challenges in fighting cybercrime in Malawi
• Conclusion
• Recommendations
Overview of the Assignment
Program Objectives and Activities
Study the Cybercrime projects in Nigeria, Bangladesh and Pakistan, identify replicable good practices and develop a compendium. Carry out a desk-based research supplemented by consultations with relevant organizations such as the GSM Association (an association of telecom operators) and the Internet Watch Foundation for further guidance and update the compendium. Survey the Cybercrime landscape of Malawi in consultation with the telecommunications regulator of Malawi (MACRA), and identify the types of Cybercrime commonly perpetrated along with the key challenges in tackling Cybercrime in Malawi. Create a customized good practice guide for Malawi and a national plan of implementation.
Good practices for combating Cybercrime
Legal Measures
Technical Measures
Organizational Structures
Capacity Building
International Cooperation
Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff,
desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Good practices for combating Cybercrime
Legal Measures
Comprehensive ICT security legislation.
Effective stakeholder
collaboration.
Preservation of Electronic evidence.
International collaboration.
Liability of service
provider.
Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Technical Measures
Detecting and
investigating cybercrime.
Integrity of evidence.
Technical protection systems.
Cyber secure culture.
Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Good practices for combating Cybercrime
Organizational Structures
Executive management sponsorship.
Computer Security Incident
Response Team (CSIRT)
Accountability and
responsibility
Involvement of the private sector and the
civil society
Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Good practices for combating Cybercrime
Capacity Building
Cyber security
skills and training
User education
and Awareness
Cyber Security
Innovation
National Culture of
Cyber security
Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Good practices for combating Cybercrime
International Cooperation
Cross-border data flow
Harmonisation of laws
International treaties and conventions
Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Good Practices for Combating Cybercrime
Cybercrime landscape of Malawi
• Population: ~16 million
• 49% with access to the internet
• 6 operators
• The internet sector has 50 licensed ISPs
• Mali: 72.1%, Madagascar: 74%, Malawi: 70%)
Sources: MACRA, ITU, CTO , World Internet Statistics
Cybercrime landscape of Malawi
• Malawi among bottom 15 of 133 countries for ICT networked readiness (WEF)
• Malawi among 20 most targeted countries globally, only second to Tanzania
• 2013: Government payments system (IFMS) was compromised (est. loss: $250m)
• 2015: official websites of the Malawi Government & official Malawi News Agency Websites down for five days due to hacking
Sources: World Economic Forum, 2013 .Check Point Software Technologies ,2015 , http://www.nyasatimes.com/ 2015, BBC
Commonly perpetrated cybercrimes in Malawi
Scams and Spam
Ransomware
Vishing/Phishing/ Pharming
Defamation/Harassment
Identity Theft
Hacking and Electronic Vandalism
Website defacement
Salami Attacks
Mobile Money Fraud
ATM Skimming
Fake lottery / inheritance
Money Laundering
Challenges in fighting cybercrime in Malawi
The borderless nature of the Cyberspace.
The anonymity provided the internet.
Lack of capacity by law enforcement agents.
The ineffectiveness of the Malawian common law to address cybercrime.
The absence of suitable legal frameworks to deal with cybercrime.
The lack of IT knowledge by the public.
Challenges in fighting cybercrime in Malawi
No organization for national incident response exists
Lack of anonymous reporting mechanisms for members of the public to report cybercrimes
A lack of electronic evidence laws or regulations
Privacy in tracking down cybercrime is being challenged
Lack of Cybercrime statistics and documentation.
Traditional investigation methods are not working against cybercrime.
Conclusion
• Technology is evolving every day, there are no perfect frameworks or technologies—that could be implemented to solve the problem from a long-term perspective.
• Efforts should be directed at identifying both current problems & new threats and predicting the risks posed by emerging technologies.
• Any approach to tackling cybercrime should be based on a common understanding that prevention, detection & implementation of countermeasures will be a continuous process of addressing new technological challenges.
It is necessary to take into account the complexity of
Recommendations for Malawi
Devising Cybercrime
policy & strategy
Creating effective legal & regulatory frameworks
Capacity building, to increase the effectiveness of
legal & regulatory frameworks
User education and Awareness
Use of modern technology in
tackling cybercrime
Risk-based approach to
tackling cybercrime
International cooperation
Industry collaboration
Adopt and ratify
international conventions.
Recommendations for Malawi
Establishing a National CERT
Establishing cross-sector
national body. (i.e. MACRA)
Adopt legislation to outlaw child pornography
Take a victim approach to prosecution
Harmonization of criminal laws
Anonymous reporting of cybercrimes
Specialised institutions
Clarify roles and responsibilities
Electronic evidence laws or regulations
Thank You! Lusungu Mkandawire
+265999989153 www.linkedin.com/pub/lusungu-mkandawire/57/102/283
https://twitter.com/MLusungu