際際滷

際際滷Share a Scribd company logo

CTO Fellowship Report Presentation - Lusungu Mkandawire

Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2

The document summarizes good practices for combating cybercrime in Malawi based on a study of initiatives in other countries. It outlines that Malawi has high internet usage but low network readiness and is highly targeted for cybercrime. Common cybercrimes in Malawi include scams, ransomware, hacking, and mobile money fraud. Challenges to addressing cybercrime are the borderless nature of the internet, anonymity, lack of capacity and legal frameworks, and lack of public awareness. Recommendations include developing cybercrime policies and regulations, increasing capacity building and awareness, adopting international standards, and encouraging collaboration between government, private sector and citizens.

1 of 18
Download to read offline
Good practices for combating Cybercrime in Malawi London, UK 15 December 2016 Lusungu Mkandawire Information Security Manager Airtel
Outline Overview of the assignment Good Practices for combating Cybercrime Cybercrime landscape of Malawi Commonly perpetrated cybercrimes in Malawi Challenges in fighting cybercrime in Malawi Conclusion Recommendations
Overview of the Assignment Program Objectives and Activities Study the Cybercrime projects in Nigeria, Bangladesh and Pakistan, identify replicable good practices and develop a compendium. Carry out a desk-based research supplemented by consultations with relevant organizations such as the GSM Association (an association of telecom operators) and the Internet Watch Foundation for further guidance and update the compendium. Survey the Cybercrime landscape of Malawi in consultation with the telecommunications regulator of Malawi (MACRA), and identify the types of Cybercrime commonly perpetrated along with the key challenges in tackling Cybercrime in Malawi. Create a customized good practice guide for Malawi and a national plan of implementation.
Good practices for combating Cybercrime Legal Measures Technical Measures Organizational Structures Capacity Building International Cooperation Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Good practices for combating Cybercrime Legal Measures Comprehensive ICT security legislation. Effective stakeholder collaboration. Preservation of Electronic evidence. International collaboration. Liability of service provider. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Technical Measures Detecting and investigating cybercrime. Integrity of evidence. Technical protection systems. Cyber secure culture. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
Organizational Structures Executive management sponsorship. Computer Security Incident Response Team (CSIRT) Accountability and responsibility Involvement of the private sector and the civil society Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
Capacity Building Cyber security skills and training User education and Awareness Cyber Security Innovation National Culture of Cyber security Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
International Cooperation Cross-border data flow Harmonisation of laws International treaties and conventions Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good Practices for Combating Cybercrime
Cybercrime landscape of Malawi Population: ~16 million 49% with access to the internet 6 operators The internet sector has 50 licensed ISPs Mali: 72.1%, Madagascar: 74%, Malawi: 70%) Sources: MACRA, ITU, CTO , World Internet Statistics
Cybercrime landscape of Malawi Malawi among bottom 15 of 133 countries for ICT networked readiness (WEF) Malawi among 20 most targeted countries globally, only second to Tanzania 2013: Government payments system (IFMS) was compromised (est. loss: $250m) 2015: official websites of the Malawi Government & official Malawi News Agency Websites down for five days due to hacking Sources: World Economic Forum, 2013 .Check Point Software Technologies ,2015 , http://www.nyasatimes.com/ 2015, BBC
Commonly perpetrated cybercrimes in Malawi Scams and Spam Ransomware Vishing/Phishing/ Pharming Defamation/Harassment Identity Theft Hacking and Electronic Vandalism Website defacement Salami Attacks Mobile Money Fraud ATM Skimming Fake lottery / inheritance Money Laundering
Challenges in fighting cybercrime in Malawi The borderless nature of the Cyberspace. The anonymity provided the internet. Lack of capacity by law enforcement agents. The ineffectiveness of the Malawian common law to address cybercrime. The absence of suitable legal frameworks to deal with cybercrime. The lack of IT knowledge by the public.
Challenges in fighting cybercrime in Malawi No organization for national incident response exists Lack of anonymous reporting mechanisms for members of the public to report cybercrimes A lack of electronic evidence laws or regulations Privacy in tracking down cybercrime is being challenged Lack of Cybercrime statistics and documentation. Traditional investigation methods are not working against cybercrime.
Conclusion Technology is evolving every day, there are no perfect frameworks or technologiesthat could be implemented to solve the problem from a long-term perspective. Efforts should be directed at identifying both current problems & new threats and predicting the risks posed by emerging technologies. Any approach to tackling cybercrime should be based on a common understanding that prevention, detection & implementation of countermeasures will be a continuous process of addressing new technological challenges.
Recommendations for Malawi Devising Cybercrime policy & strategy Creating effective legal & regulatory frameworks Capacity building, to increase the effectiveness of legal & regulatory frameworks User education and Awareness Use of modern technology in tackling cybercrime Risk-based approach to tackling cybercrime International cooperation Industry collaboration Adopt and ratify international conventions.
Recommendations for Malawi Establishing a National CERT Establishing cross-sector national body. (i.e. MACRA) Adopt legislation to outlaw child pornography Take a victim approach to prosecution Harmonization of criminal laws Anonymous reporting of cybercrimes Specialised institutions Clarify roles and responsibilities Electronic evidence laws or regulations
Thank You! Lusungu Mkandawire Lusungu.Mkandawire@airtel.com +265999989153 www.linkedin.com/pub/lusungu-mkandawire/57/102/283 https://twitter.com/MLusungu

More Related Content

CTO Fellowship Report Presentation - Lusungu Mkandawire

  • 1. Good practices for combating Cybercrime in Malawi London, UK 15 December 2016 Lusungu Mkandawire Information Security Manager Airtel
  • 2. Outline Overview of the assignment Good Practices for combating Cybercrime Cybercrime landscape of Malawi Commonly perpetrated cybercrimes in Malawi Challenges in fighting cybercrime in Malawi Conclusion Recommendations
  • 3. Overview of the Assignment Program Objectives and Activities Study the Cybercrime projects in Nigeria, Bangladesh and Pakistan, identify replicable good practices and develop a compendium. Carry out a desk-based research supplemented by consultations with relevant organizations such as the GSM Association (an association of telecom operators) and the Internet Watch Foundation for further guidance and update the compendium. Survey the Cybercrime landscape of Malawi in consultation with the telecommunications regulator of Malawi (MACRA), and identify the types of Cybercrime commonly perpetrated along with the key challenges in tackling Cybercrime in Malawi. Create a customized good practice guide for Malawi and a national plan of implementation.
  • 4. Good practices for combating Cybercrime Legal Measures Technical Measures Organizational Structures Capacity Building International Cooperation Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
  • 5. Good practices for combating Cybercrime Legal Measures Comprehensive ICT security legislation. Effective stakeholder collaboration. Preservation of Electronic evidence. International collaboration. Liability of service provider. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
  • 6. Technical Measures Detecting and investigating cybercrime. Integrity of evidence. Technical protection systems. Cyber secure culture. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
  • 7. Organizational Structures Executive management sponsorship. Computer Security Incident Response Team (CSIRT) Accountability and responsibility Involvement of the private sector and the civil society Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
  • 8. Capacity Building Cyber security skills and training User education and Awareness Cyber Security Innovation National Culture of Cyber security Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
  • 9. International Cooperation Cross-border data flow Harmonisation of laws International treaties and conventions Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good Practices for Combating Cybercrime
  • 10. Cybercrime landscape of Malawi Population: ~16 million 49% with access to the internet 6 operators The internet sector has 50 licensed ISPs Mali: 72.1%, Madagascar: 74%, Malawi: 70%) Sources: MACRA, ITU, CTO , World Internet Statistics
  • 11. Cybercrime landscape of Malawi Malawi among bottom 15 of 133 countries for ICT networked readiness (WEF) Malawi among 20 most targeted countries globally, only second to Tanzania 2013: Government payments system (IFMS) was compromised (est. loss: $250m) 2015: official websites of the Malawi Government & official Malawi News Agency Websites down for five days due to hacking Sources: World Economic Forum, 2013 .Check Point Software Technologies ,2015 , http://www.nyasatimes.com/ 2015, BBC
  • 12. Commonly perpetrated cybercrimes in Malawi Scams and Spam Ransomware Vishing/Phishing/ Pharming Defamation/Harassment Identity Theft Hacking and Electronic Vandalism Website defacement Salami Attacks Mobile Money Fraud ATM Skimming Fake lottery / inheritance Money Laundering
  • 13. Challenges in fighting cybercrime in Malawi The borderless nature of the Cyberspace. The anonymity provided the internet. Lack of capacity by law enforcement agents. The ineffectiveness of the Malawian common law to address cybercrime. The absence of suitable legal frameworks to deal with cybercrime. The lack of IT knowledge by the public.
  • 14. Challenges in fighting cybercrime in Malawi No organization for national incident response exists Lack of anonymous reporting mechanisms for members of the public to report cybercrimes A lack of electronic evidence laws or regulations Privacy in tracking down cybercrime is being challenged Lack of Cybercrime statistics and documentation. Traditional investigation methods are not working against cybercrime.
  • 15. Conclusion Technology is evolving every day, there are no perfect frameworks or technologiesthat could be implemented to solve the problem from a long-term perspective. Efforts should be directed at identifying both current problems & new threats and predicting the risks posed by emerging technologies. Any approach to tackling cybercrime should be based on a common understanding that prevention, detection & implementation of countermeasures will be a continuous process of addressing new technological challenges.
  • 16. Recommendations for Malawi Devising Cybercrime policy & strategy Creating effective legal & regulatory frameworks Capacity building, to increase the effectiveness of legal & regulatory frameworks User education and Awareness Use of modern technology in tackling cybercrime Risk-based approach to tackling cybercrime International cooperation Industry collaboration Adopt and ratify international conventions.
  • 17. Recommendations for Malawi Establishing a National CERT Establishing cross-sector national body. (i.e. MACRA) Adopt legislation to outlaw child pornography Take a victim approach to prosecution Harmonization of criminal laws Anonymous reporting of cybercrimes Specialised institutions Clarify roles and responsibilities Electronic evidence laws or regulations