際際滷

際際滷Share a Scribd company logo

CTO Fellowship Report Presentation - Lusungu Mkandawire

Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2

The document summarizes good practices for combating cybercrime in Malawi based on a study of initiatives in other countries. It outlines that Malawi has high internet usage but low network readiness and is highly targeted for cybercrime. Common cybercrimes in Malawi include scams, ransomware, hacking, and mobile money fraud. Challenges to addressing cybercrime are the borderless nature of the internet, anonymity, lack of capacity and legal frameworks, and lack of public awareness. Recommendations include developing cybercrime policies and regulations, increasing capacity building and awareness, adopting international standards, and encouraging collaboration between government, private sector and citizens.

1 of 18
Download to read offline
Good practices for combating Cybercrime in Malawi London, UK 15 December 2016 Lusungu Mkandawire Information Security Manager Airtel
Outline Overview of the assignment Good Practices for combating Cybercrime Cybercrime landscape of Malawi Commonly perpetrated cybercrimes in Malawi Challenges in fighting cybercrime in Malawi Conclusion Recommendations
Overview of the Assignment Program Objectives and Activities Study the Cybercrime projects in Nigeria, Bangladesh and Pakistan, identify replicable good practices and develop a compendium. Carry out a desk-based research supplemented by consultations with relevant organizations such as the GSM Association (an association of telecom operators) and the Internet Watch Foundation for further guidance and update the compendium. Survey the Cybercrime landscape of Malawi in consultation with the telecommunications regulator of Malawi (MACRA), and identify the types of Cybercrime commonly perpetrated along with the key challenges in tackling Cybercrime in Malawi. Create a customized good practice guide for Malawi and a national plan of implementation.
Good practices for combating Cybercrime Legal Measures Technical Measures Organizational Structures Capacity Building International Cooperation Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Good practices for combating Cybercrime Legal Measures Comprehensive ICT security legislation. Effective stakeholder collaboration. Preservation of Electronic evidence. International collaboration. Liability of service provider. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
Technical Measures Detecting and investigating cybercrime. Integrity of evidence. Technical protection systems. Cyber secure culture. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
Organizational Structures Executive management sponsorship. Computer Security Incident Response Team (CSIRT) Accountability and responsibility Involvement of the private sector and the civil society Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
Capacity Building Cyber security skills and training User education and Awareness Cyber Security Innovation National Culture of Cyber security Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
International Cooperation Cross-border data flow Harmonisation of laws International treaties and conventions Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good Practices for Combating Cybercrime
Cybercrime landscape of Malawi Population: ~16 million 49% with access to the internet 6 operators The internet sector has 50 licensed ISPs Mali: 72.1%, Madagascar: 74%, Malawi: 70%) Sources: MACRA, ITU, CTO , World Internet Statistics
Cybercrime landscape of Malawi Malawi among bottom 15 of 133 countries for ICT networked readiness (WEF) Malawi among 20 most targeted countries globally, only second to Tanzania 2013: Government payments system (IFMS) was compromised (est. loss: $250m) 2015: official websites of the Malawi Government & official Malawi News Agency Websites down for five days due to hacking Sources: World Economic Forum, 2013 .Check Point Software Technologies ,2015 , http://www.nyasatimes.com/ 2015, BBC
Commonly perpetrated cybercrimes in Malawi Scams and Spam Ransomware Vishing/Phishing/ Pharming Defamation/Harassment Identity Theft Hacking and Electronic Vandalism Website defacement Salami Attacks Mobile Money Fraud ATM Skimming Fake lottery / inheritance Money Laundering
Challenges in fighting cybercrime in Malawi The borderless nature of the Cyberspace. The anonymity provided the internet. Lack of capacity by law enforcement agents. The ineffectiveness of the Malawian common law to address cybercrime. The absence of suitable legal frameworks to deal with cybercrime. The lack of IT knowledge by the public.
Challenges in fighting cybercrime in Malawi No organization for national incident response exists Lack of anonymous reporting mechanisms for members of the public to report cybercrimes A lack of electronic evidence laws or regulations Privacy in tracking down cybercrime is being challenged Lack of Cybercrime statistics and documentation. Traditional investigation methods are not working against cybercrime.
Conclusion Technology is evolving every day, there are no perfect frameworks or technologiesthat could be implemented to solve the problem from a long-term perspective. Efforts should be directed at identifying both current problems & new threats and predicting the risks posed by emerging technologies. Any approach to tackling cybercrime should be based on a common understanding that prevention, detection & implementation of countermeasures will be a continuous process of addressing new technological challenges.
Recommendations for Malawi Devising Cybercrime policy & strategy Creating effective legal & regulatory frameworks Capacity building, to increase the effectiveness of legal & regulatory frameworks User education and Awareness Use of modern technology in tackling cybercrime Risk-based approach to tackling cybercrime International cooperation Industry collaboration Adopt and ratify international conventions.
Recommendations for Malawi Establishing a National CERT Establishing cross-sector national body. (i.e. MACRA) Adopt legislation to outlaw child pornography Take a victim approach to prosecution Harmonization of criminal laws Anonymous reporting of cybercrimes Specialised institutions Clarify roles and responsibilities Electronic evidence laws or regulations
Thank You! Lusungu Mkandawire Lusungu.Mkandawire@airtel.com +265999989153 www.linkedin.com/pub/lusungu-mkandawire/57/102/283 https://twitter.com/MLusungu

Recommended

CTO Fellowship Report Presentation - Lusungu Mkandawire
CTO Fellowship Report Presentation - Lusungu MkandawireCTO Fellowship Report Presentation - Lusungu Mkandawire
CTO Fellowship Report Presentation - Lusungu Mkandawire
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Aiws presentation leeper rebecca
Aiws presentation leeper rebeccaAiws presentation leeper rebecca
Aiws presentation leeper rebecca
Boston Global Forum
Cybersecurity and Internet Governance
Cybersecurity and Internet GovernanceCybersecurity and Internet Governance
Cybersecurity and Internet Governance
Kenny Huang Ph.D.
Bo e v1.0
Bo e v1.0Bo e v1.0
Bo e v1.0
Prof John Walker FRSA Purveyor Dark Intelligence
Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?
Bangladesh Network Operators Group
Internet Governance
Internet GovernanceInternet Governance
Internet Governance
ARIN
Tampering With the Open Internet: Experiences From Africa
Tampering With the Open Internet: Experiences From AfricaTampering With the Open Internet: Experiences From Africa
Tampering With the Open Internet: Experiences From Africa
AFRINIC
CTO Cybersecurity Forum 2013 Jean Jacques Massima-landji
CTO Cybersecurity Forum 2013 Jean Jacques Massima-landjiCTO Cybersecurity Forum 2013 Jean Jacques Massima-landji
CTO Cybersecurity Forum 2013 Jean Jacques Massima-landji
Commonwealth Telecommunications Organisation
Security In a Digital Interconnected World
Security In a Digital Interconnected World Security In a Digital Interconnected World
Security In a Digital Interconnected World
Internet Society
Internet governance and the filtering problems
Internet governance and the filtering problemsInternet governance and the filtering problems
Internet governance and the filtering problems
Tan Tran
CERT Tonga - Two years on
CERT Tonga - Two years onCERT Tonga - Two years on
CERT Tonga - Two years on
APNIC
Engage with The Internet Society
Engage with The Internet SocietyEngage with The Internet Society
Engage with The Internet Society
APNIC
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
Paul van Heel
Budapest Gv July08
Budapest Gv July08Budapest Gv July08
Budapest Gv July08
Rob Faris
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'Connor
Paul O'Connor
I4ADA 2019 - Presentation Jacques Kruse Brandao
I4ADA 2019 - Presentation Jacques Kruse BrandaoI4ADA 2019 - Presentation Jacques Kruse Brandao
I4ADA 2019 - Presentation Jacques Kruse Brandao
Paul van Heel
I4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
I4ADA 2019 - presentation Catherine Garcia-van HoogstratenI4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
I4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
Paul van Heel
Isoc bishkek 2015 11-25
Isoc bishkek 2015 11-25Isoc bishkek 2015 11-25
Isoc bishkek 2015 11-25
ISOC-KG
Understanding public policy and exploring internet public policy
Understanding public policy and exploring internet public policyUnderstanding public policy and exploring internet public policy
Understanding public policy and exploring internet public policy
Khaled Koubaa
Multistakeholder Internet Governance?
Multistakeholder Internet Governance?Multistakeholder Internet Governance?
Multistakeholder Internet Governance?
Oxford Martin Centre, OII, and Computer Science at the University of Oxford
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE
Kangai Maukazuva, CGEIT
Mousa
MousaMousa
Mousa
Mousa009
APNIC44 Briefing
APNIC44 BriefingAPNIC44 Briefing
APNIC44 Briefing
Kenny Huang Ph.D.
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in Cybersecurity
Charles Mok
Two years of good MANRS
Two years of good MANRSTwo years of good MANRS
Two years of good MANRS
APNIC
Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?
APNIC
Session 5.2 Martin Koyabe
Session 5.2 Martin KoyabeSession 5.2 Martin Koyabe
Session 5.2 Martin Koyabe
Commonwealth Telecommunications Organisation
A Collaborative, Decentralized Internet Governance Ecosystem
A Collaborative, Decentralized Internet Governance EcosystemA Collaborative, Decentralized Internet Governance Ecosystem
A Collaborative, Decentralized Internet Governance Ecosystem
Andile Ngcaba
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
Benjamin Ang
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
Shiva Bissessar

More Related Content

What's hot (20)

Security In a Digital Interconnected World
Security In a Digital Interconnected World Security In a Digital Interconnected World
Security In a Digital Interconnected World
Internet Society
Internet governance and the filtering problems
Internet governance and the filtering problemsInternet governance and the filtering problems
Internet governance and the filtering problems
Tan Tran
CERT Tonga - Two years on
CERT Tonga - Two years onCERT Tonga - Two years on
CERT Tonga - Two years on
APNIC
Engage with The Internet Society
Engage with The Internet SocietyEngage with The Internet Society
Engage with The Internet Society
APNIC
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
Paul van Heel
Budapest Gv July08
Budapest Gv July08Budapest Gv July08
Budapest Gv July08
Rob Faris
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'Connor
Paul O'Connor
I4ADA 2019 - Presentation Jacques Kruse Brandao
I4ADA 2019 - Presentation Jacques Kruse BrandaoI4ADA 2019 - Presentation Jacques Kruse Brandao
I4ADA 2019 - Presentation Jacques Kruse Brandao
Paul van Heel
I4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
I4ADA 2019 - presentation Catherine Garcia-van HoogstratenI4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
I4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
Paul van Heel
Isoc bishkek 2015 11-25
Isoc bishkek 2015 11-25Isoc bishkek 2015 11-25
Isoc bishkek 2015 11-25
ISOC-KG
Understanding public policy and exploring internet public policy
Understanding public policy and exploring internet public policyUnderstanding public policy and exploring internet public policy
Understanding public policy and exploring internet public policy
Khaled Koubaa
Multistakeholder Internet Governance?
Multistakeholder Internet Governance?Multistakeholder Internet Governance?
Multistakeholder Internet Governance?
Oxford Martin Centre, OII, and Computer Science at the University of Oxford
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE
Kangai Maukazuva, CGEIT
Mousa
MousaMousa
Mousa
Mousa009
APNIC44 Briefing
APNIC44 BriefingAPNIC44 Briefing
APNIC44 Briefing
Kenny Huang Ph.D.
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in Cybersecurity
Charles Mok
Two years of good MANRS
Two years of good MANRSTwo years of good MANRS
Two years of good MANRS
APNIC
Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?
APNIC
Session 5.2 Martin Koyabe
Session 5.2 Martin KoyabeSession 5.2 Martin Koyabe
Session 5.2 Martin Koyabe
Commonwealth Telecommunications Organisation
A Collaborative, Decentralized Internet Governance Ecosystem
A Collaborative, Decentralized Internet Governance EcosystemA Collaborative, Decentralized Internet Governance Ecosystem
A Collaborative, Decentralized Internet Governance Ecosystem
Andile Ngcaba
Security In a Digital Interconnected World
Security In a Digital Interconnected World Security In a Digital Interconnected World
Security In a Digital Interconnected World
Internet Society
Internet governance and the filtering problems
Internet governance and the filtering problemsInternet governance and the filtering problems
Internet governance and the filtering problems
Tan Tran
CERT Tonga - Two years on
CERT Tonga - Two years onCERT Tonga - Two years on
CERT Tonga - Two years on
APNIC
Engage with The Internet Society
Engage with The Internet SocietyEngage with The Internet Society
Engage with The Internet Society
APNIC
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peaceI4ADA 2019 - Presentation Accountability & cyber security & cyber peace
I4ADA 2019 - Presentation Accountability & cyber security & cyber peace
Paul van Heel
Budapest Gv July08
Budapest Gv July08Budapest Gv July08
Budapest Gv July08
Rob Faris
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'Connor
Paul O'Connor
I4ADA 2019 - Presentation Jacques Kruse Brandao
I4ADA 2019 - Presentation Jacques Kruse BrandaoI4ADA 2019 - Presentation Jacques Kruse Brandao
I4ADA 2019 - Presentation Jacques Kruse Brandao
Paul van Heel
I4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
I4ADA 2019 - presentation Catherine Garcia-van HoogstratenI4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
I4ADA 2019 - presentation Catherine Garcia-van Hoogstraten
Paul van Heel
Isoc bishkek 2015 11-25
Isoc bishkek 2015 11-25Isoc bishkek 2015 11-25
Isoc bishkek 2015 11-25
ISOC-KG
Understanding public policy and exploring internet public policy
Understanding public policy and exploring internet public policyUnderstanding public policy and exploring internet public policy
Understanding public policy and exploring internet public policy
Khaled Koubaa
Multistakeholder Internet Governance?
Multistakeholder Internet Governance?Multistakeholder Internet Governance?
Multistakeholder Internet Governance?
Oxford Martin Centre, OII, and Computer Science at the University of Oxford
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE
Kangai Maukazuva, CGEIT
Mousa
MousaMousa
Mousa
Mousa009
APNIC44 Briefing
APNIC44 BriefingAPNIC44 Briefing
APNIC44 Briefing
Kenny Huang Ph.D.
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in Cybersecurity
Charles Mok
Two years of good MANRS
Two years of good MANRSTwo years of good MANRS
Two years of good MANRS
APNIC
Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?
APNIC
Session 5.2 Martin Koyabe
Session 5.2 Martin KoyabeSession 5.2 Martin Koyabe
Session 5.2 Martin Koyabe
Commonwealth Telecommunications Organisation
A Collaborative, Decentralized Internet Governance Ecosystem
A Collaborative, Decentralized Internet Governance EcosystemA Collaborative, Decentralized Internet Governance Ecosystem
A Collaborative, Decentralized Internet Governance Ecosystem
Andile Ngcaba

Similar to CTO Fellowship Report Presentation - Lusungu Mkandawire (20)

Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
Benjamin Ang
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
Shiva Bissessar
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approach
ITU
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...
Business Finland
Cybercrime Surveillance.docx
Cybercrime Surveillance.docxCybercrime Surveillance.docx
Cybercrime Surveillance.docx
PelorusTechnologies
Mike Alcorn presentation
Mike Alcorn presentationMike Alcorn presentation
Mike Alcorn presentation
svito
002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimes002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimes
Michalis Mavis, MSc, MSc
ITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU Cybersecurity Capabilities
ITU Cybersecurity Capabilities
ITU
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
Fahmi Albaheth
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip Victor
Knowledge Group
Cyber crime in the digital age
Cyber crime in the digital ageCyber crime in the digital age
Cyber crime in the digital age
Saman Sara
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
Zsolt Nemeth
Session 6.2 C辿cile Barayre El Shami
Session 6.2 C辿cile Barayre El ShamiSession 6.2 C辿cile Barayre El Shami
Session 6.2 C辿cile Barayre El Shami
Commonwealth Telecommunications Organisation
Cyber Banking Conference
Cyber Banking Conference Cyber Banking Conference
Cyber Banking Conference
Endcode_org
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
Jacqueline Fick
Internet Safety
Internet SafetyInternet Safety
Internet Safety
Charles Mok
Data Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and securityData Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and security
Ethical Sector
The Next Six Months in Myanmar: Stakeholder Risk in the Telecoms Sector
The Next Six Months in Myanmar: Stakeholder Risk in the Telecoms SectorThe Next Six Months in Myanmar: Stakeholder Risk in the Telecoms Sector
The Next Six Months in Myanmar: Stakeholder Risk in the Telecoms Sector
Ethical Sector
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategy
Bright Boateng
CTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste YankeyCTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste Yankey
Commonwealth Telecommunications Organisation
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
Benjamin Ang
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
Shiva Bissessar
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approach
ITU
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...
Business Finland
Cybercrime Surveillance.docx
Cybercrime Surveillance.docxCybercrime Surveillance.docx
Cybercrime Surveillance.docx
PelorusTechnologies
Mike Alcorn presentation
Mike Alcorn presentationMike Alcorn presentation
Mike Alcorn presentation
svito
002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimes002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimes
Michalis Mavis, MSc, MSc
ITU Cybersecurity Capabilities
ITU Cybersecurity CapabilitiesITU Cybersecurity Capabilities
ITU Cybersecurity Capabilities
ITU
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
Fahmi Albaheth
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip Victor
Knowledge Group
Cyber crime in the digital age
Cyber crime in the digital ageCyber crime in the digital age
Cyber crime in the digital age
Saman Sara
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
Zsolt Nemeth
Session 6.2 C辿cile Barayre El Shami
Session 6.2 C辿cile Barayre El ShamiSession 6.2 C辿cile Barayre El Shami
Session 6.2 C辿cile Barayre El Shami
Commonwealth Telecommunications Organisation
Cyber Banking Conference
Cyber Banking Conference Cyber Banking Conference
Cyber Banking Conference
Endcode_org
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
Jacqueline Fick
Internet Safety
Internet SafetyInternet Safety
Internet Safety
Charles Mok
Data Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and securityData Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and security
Ethical Sector
The Next Six Months in Myanmar: Stakeholder Risk in the Telecoms Sector
The Next Six Months in Myanmar: Stakeholder Risk in the Telecoms SectorThe Next Six Months in Myanmar: Stakeholder Risk in the Telecoms Sector
The Next Six Months in Myanmar: Stakeholder Risk in the Telecoms Sector
Ethical Sector
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategy
Bright Boateng
CTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste YankeyCTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste Yankey
Commonwealth Telecommunications Organisation

More from Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2 (7)

Lusungu Mkandawire CV
Lusungu Mkandawire CVLusungu Mkandawire CV
Lusungu Mkandawire CV
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Membership Document
Membership DocumentMembership Document
Membership Document
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
It service management
It service managementIt service management
It service management
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
It governance
It governanceIt governance
It governance
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Lusungu Mkandawire CV
Lusungu Mkandawire CVLusungu Mkandawire CV
Lusungu Mkandawire CV
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Membership Document
Membership DocumentMembership Document
Membership Document
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
It service management
It service managementIt service management
It service management
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
It governance
It governanceIt governance
It governance
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2

CTO Fellowship Report Presentation - Lusungu Mkandawire

  • 1. Good practices for combating Cybercrime in Malawi London, UK 15 December 2016 Lusungu Mkandawire Information Security Manager Airtel
  • 2. Outline Overview of the assignment Good Practices for combating Cybercrime Cybercrime landscape of Malawi Commonly perpetrated cybercrimes in Malawi Challenges in fighting cybercrime in Malawi Conclusion Recommendations
  • 3. Overview of the Assignment Program Objectives and Activities Study the Cybercrime projects in Nigeria, Bangladesh and Pakistan, identify replicable good practices and develop a compendium. Carry out a desk-based research supplemented by consultations with relevant organizations such as the GSM Association (an association of telecom operators) and the Internet Watch Foundation for further guidance and update the compendium. Survey the Cybercrime landscape of Malawi in consultation with the telecommunications regulator of Malawi (MACRA), and identify the types of Cybercrime commonly perpetrated along with the key challenges in tackling Cybercrime in Malawi. Create a customized good practice guide for Malawi and a national plan of implementation.
  • 4. Good practices for combating Cybercrime Legal Measures Technical Measures Organizational Structures Capacity Building International Cooperation Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
  • 5. Good practices for combating Cybercrime Legal Measures Comprehensive ICT security legislation. Effective stakeholder collaboration. Preservation of Electronic evidence. International collaboration. Liability of service provider. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)
  • 6. Technical Measures Detecting and investigating cybercrime. Integrity of evidence. Technical protection systems. Cyber secure culture. Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
  • 7. Organizational Structures Executive management sponsorship. Computer Security Incident Response Team (CSIRT) Accountability and responsibility Involvement of the private sector and the civil society Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
  • 8. Capacity Building Cyber security skills and training User education and Awareness Cyber Security Innovation National Culture of Cyber security Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good practices for combating Cybercrime
  • 9. International Cooperation Cross-border data flow Harmonisation of laws International treaties and conventions Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN) Good Practices for Combating Cybercrime
  • 10. Cybercrime landscape of Malawi Population: ~16 million 49% with access to the internet 6 operators The internet sector has 50 licensed ISPs Mali: 72.1%, Madagascar: 74%, Malawi: 70%) Sources: MACRA, ITU, CTO , World Internet Statistics
  • 11. Cybercrime landscape of Malawi Malawi among bottom 15 of 133 countries for ICT networked readiness (WEF) Malawi among 20 most targeted countries globally, only second to Tanzania 2013: Government payments system (IFMS) was compromised (est. loss: $250m) 2015: official websites of the Malawi Government & official Malawi News Agency Websites down for five days due to hacking Sources: World Economic Forum, 2013 .Check Point Software Technologies ,2015 , http://www.nyasatimes.com/ 2015, BBC
  • 12. Commonly perpetrated cybercrimes in Malawi Scams and Spam Ransomware Vishing/Phishing/ Pharming Defamation/Harassment Identity Theft Hacking and Electronic Vandalism Website defacement Salami Attacks Mobile Money Fraud ATM Skimming Fake lottery / inheritance Money Laundering
  • 13. Challenges in fighting cybercrime in Malawi The borderless nature of the Cyberspace. The anonymity provided the internet. Lack of capacity by law enforcement agents. The ineffectiveness of the Malawian common law to address cybercrime. The absence of suitable legal frameworks to deal with cybercrime. The lack of IT knowledge by the public.
  • 14. Challenges in fighting cybercrime in Malawi No organization for national incident response exists Lack of anonymous reporting mechanisms for members of the public to report cybercrimes A lack of electronic evidence laws or regulations Privacy in tracking down cybercrime is being challenged Lack of Cybercrime statistics and documentation. Traditional investigation methods are not working against cybercrime.
  • 15. Conclusion Technology is evolving every day, there are no perfect frameworks or technologiesthat could be implemented to solve the problem from a long-term perspective. Efforts should be directed at identifying both current problems & new threats and predicting the risks posed by emerging technologies. Any approach to tackling cybercrime should be based on a common understanding that prevention, detection & implementation of countermeasures will be a continuous process of addressing new technological challenges.
  • 16. Recommendations for Malawi Devising Cybercrime policy & strategy Creating effective legal & regulatory frameworks Capacity building, to increase the effectiveness of legal & regulatory frameworks User education and Awareness Use of modern technology in tackling cybercrime Risk-based approach to tackling cybercrime International cooperation Industry collaboration Adopt and ratify international conventions.
  • 17. Recommendations for Malawi Establishing a National CERT Establishing cross-sector national body. (i.e. MACRA) Adopt legislation to outlaw child pornography Take a victim approach to prosecution Harmonization of criminal laws Anonymous reporting of cybercrimes Specialised institutions Clarify roles and responsibilities Electronic evidence laws or regulations
AboutCopyright
息 2025 際際滷