Internal auditors have been advised to adopt and implement the necessary measures to audit IT systems as part of their organization’s cybersecurity measures.
Dr Albert Antwi-Boasiako, the Head of the National Cyber Security Centre (NCSC), said this in a presentation at the Ghana 2021 Annual National Internal Audit & Governance Conference held virtually in Accra.
Dr Antwi-Boasiako said given the current digitalization of business processes, Auditors needed to develop the necessary competencies to conduct a system-based audit as part of internal audit functions.
Dr Antwi-Boasiako urged institutions to have procedures in place to examine the Information Technology (IT) systems introduced into their operational environment and to verify that such systems are secured.
He added that they should also ensure that consultants they work with have not only the necessary skills but also integrity to protect their IT systems.
The advice was necessitated by reported cybersecurity incidents involving insiders and external consultants.
The Head of the NCSC further informed participants that the State as the enabler of cybersecurity development was taking the necessary measures to ensure the safety of Ghana’s cyber ecosystem.
He mentioned the institutionalization of cybersecurity, the development and adoption of a National Cybersecurity Policy & Strategy and the passage of the Cybersecurity Act, 2020 (Act 1038) as the enabling pillars to improve the cybersecurity readiness of the country.
He said according to the World Economic Forum, Global Risks Report 2020, cybercrime is expected to reach US$ 6 trillion in 2021.
The report further indicates that cyber-attacks on critical infrastructure rated the fifth top risk in 2020.
This development, therefore, calls for domestic and international cooperation to ensure cybersecurity in the country, especially as Ghana continues to rely on technologies that are produced or hosted in other jurisdictions.
Dr Antwi-Boasiako raised concerns about the impact of a potential attack on the global IT supply chain on Ghana, especially regarding critical information infrastructures in the banking, telecommunication, energy and health sectors.
Commenting on efforts to ensure cybersecurity in the country, he said, Ghana had enacted the necessary legislation in the form of the Cybersecurity Act 2020, Act 1038, which would establish the Cyber Security Authority, regulate cybersecurity activities and promote the development of cybersecurity in the country.
He said the National Cybersecurity Policy and Strategy document was currently undergoing ministerial review before consideration by Cabinet.
He assured participants that, the Minister for Communications & Digitalization, who is responsible for cybersecurity in government, will soon outline some interventions to protect Ghana’s critical information infrastructures.
Dr Antwi-Boasiako indicated that the Government had shown commitment in some ways towards improving Ghana’s cybersecurity readiness and anticipated that the newly established Cyber Security Authority would adopt an incentive-based regulatory approach to facilitate collaboration among relevant stakeholders – both governmental and non-governmental actors – regarding the implementation of the Cybersecurity Act.