Regional Initiatives on Cyber Security Awareness

Written by:
Bernard Cudjoe, AU-GFCE Liaison.
Cherie Lagakali, Senior Advisor, GFCE Pacific Hub.
Valentina Name, Cybersecurity Project Officer, OAS.
Giouli Lykoura, Advisor, GFCE Secretariat.
Anna Noij, Advisor, GFCE Secretariat.

Since 2022, the GFCE has focused on strengthening its demand-driven approach to ensure a community-driven cycle of cyber capacity building. To achieve this, the GFCE has been focusing on accurately defining needs through a regional approach, stocktaking the existing supply that the GFCE community has to offer, and addressing gaps to the GFCE community. The GFCE’s regional efforts have enabled a better understanding of local contexts and have highlighted the importance to listen to local needs. It has also helped to make existing expertise and knowledge available from one region to another.

Every year in October, Cybersecurity Awareness Month, various initiatives that raise awareness of issues pertaining to cybersecurity are initiated or promoted to further spread awareness. This year, in line with the GFCE’s regional focus, the GFCE Regional Hubs and Liaisons have highlighted several initiatives that raise cybersecurity awareness in their respective regions. The following article provides an overview of a few initiatives in Africa, Latin America and the Caribbean, and the Pacific. These initiatives are only a handful of projects or resources tackling cybersecurity awareness in these regions. For a longer list of resources on cybersecurity awareness and other topics, visit the cyber capacity building knowledge hub CybilPortal.org.

Africa

Safeguarding cyberspace is crucial to a continent that is fast developing its digital economy and infrastructure. Businesses and individuals need to develop cybersecurity consciousness to help mitigate cybercrime. Cyber-attacks are ranked the seventh most likely and eighth most impactful risk facing businesses globally, and Africa faces this risk the most. Cyber threats are now more on humans than infrastructure, and safeguarding people, data, and systems is paramount in Africa.

Phishing, ransomware and malware attacks are the predominant threat that African countries face, and there is a significant gap in the capacities of actors. Available data show that ransomware and malware attacks increased to 435% and 358% in 2020, according to the Global Risks Report 2022 by the World Economic Forum (WEF).

Africa recorded a huge portion of these attacks, meaning cybersecurity awareness must be at the heart of all stakeholders in ensuring a safe cyberspace. It has been established that raising cyber awareness among people on how to recognize, reject and report threats can significantly help mitigate cybercrime.

Raising cyber awareness becomes a collective responsibility among stakeholders to build synergies, ensure compliance in staying safe on the internet, and ensure business continuity. Relentless effort in educating children, businesses and policy leaders on cyber hygiene best practices must be prioritize and allocated a significant investment. There is a call for authorities to intensify public awareness and enhance public-private sector understanding of cybersecurity norms and regulations.

Amongst the various cybersecurity awareness initiatives of the region, these were highlighted:

1. Cybersecurity Authority Ghana National Cybersecurity Awareness Month (NSCAM)
   To effectively implement Act 1038, the Cyber Security Authority (CSA) seeks to leverage on the 2022 edition of the annual National Cyber Security Awareness Month (NCSAM) to raise awareness and build capacity on this important development through the theme “Regulating Cybersecurity: A Public-Private Sector Collaborative Approach”.
2. CyberX Conference and Exhibition, 20-22 October 2022, Accra
   CyberX Africa is Africa’s biggest international Cyber Expo. The 2022 CyberX Africa Conference and Exhibition presents the latest innovations, solutions and technologies in cyberspace, the metaverse, as well as a wide variety of thought leadership and training workshops on cybercrime, data protection and privacy, international cyber law, cyber governance and homeland security.
3. African Cybersecurity Conference – African Union Commission, 26 – 27 October 2022
   With the objective of raising awareness and build capacity on cybersecurity imperatives for Africa’s digital transformation, taking stock of the state of play with respect to Child online safety in Africa, sharing knowledge and expertise through lively sessions designed to shed more light on the focus areas from an African and Global perspectives, and developing capacity of key African stakeholder groups (e.g. law enforcement, policy makers, judiciary, parliamentarians, diplomats …etc) through targeted workshops, sessions and exercises.

Latin America & Caribbean

Given the speed with which the internet is advancing and as a result cyberattacks, it is essential to create the environment for measures that can be adopted by the region, to create a safer cyberspace. However, these measures cannot be generated or adopted if it is not through the creation of a more conscious cyber security environment, not only at the governmental or institutional level, but also within the communities of each country. That being said, the meaning of cyber awareness is to act, train and create knowledge through workshops, trainings, evaluations, cybersecurity strategies, and targeted awareness campaigns. This will ensure the region has tools that will help strengthen the country’s infrastructure and raise the level of knowledge that could prevent a compromise of an entire sector. Consequently, building a more cyber aware region will lead to positive outcomes, such as, creating greater confidence in the use of ICTs, making technological development safer, and respecting the fundamental values ​​and rights of everyone within the cyberspace.

The main threats at the regional level can be considered:

• Ransomware attacks to critical industries, banking, government, manufacturing, healthcare, and food and beverage.
• Targeted attacks to target cloud vendor credentials and mainly focus on entities in government and other industries.
• Malware with cryptocurrency miners being the first.
• Online threats such as Email threats and malicious URLs.

Amongst the various cybersecurity awareness initiatives of the region, these were highlighted:

1. CoE: Promoting the role of women in preventing, investigating and prosecuting cybercrime
   The International conference on promoting the role of women in preventing, investigating and prosecuting cybercrime is expected to build on the experiences gained through the capacity building activities implemented by the Council of Europe Cybercrime Programme Office as well as existing research by the Council of Europe and other stakeholder.
2. CoE: Americas Regional Forum on cooperation on cybercrime and electronic evidence (7-9 November 2022)
   The Americas Regional Forum will be an opportunity to assess the progress achieved at policy level in the region and to facilitate the exchange of knowledge and practical experience on current threats and investigation tools. The event will offer the participants a chance to expand their knowledge on the procedures and tools brought by the Second Additional Protocol to the Convention on Cybercrime.

3. OAS Confidence Building Measures
   The purpose of the meeting will be to discuss, among other things, new and agreed-upon cyber Confidence Building Measures (CBMs) and to strengthen regional cooperation, transparency, predictability, and stability in cyberspace.
4. Launch of the OAS Gender project on Cyber Capacity Building (Date TBD)
   The event aims to present the background and objectives of new Cybersecurity Gender Project of the OAS Cybersecurity Program funded by the Government of Canada, as well as other ongoing initiatives to address the gender dimensions of cybersecurity from the public and private sector, academia, and digital rights organizations.
5. GFCE Regional meeting for the Americas
   The purpose of the regional meeting is to discuss the role of the GFCE in Latin America and the Caribbean and how best to coordinate capacity-building efforts in the region.
6. ITU 10th CyberDrill for the America Region- Honduras 2022
   The International Telecommunication Union (ITU) improves cybersecurity readiness, protection, and incident response capabilities of Member States by conducting CyberDrills at the regional and international levels. A CyberDrill is an annual event during which cyber-attacks, information security incidents, or other types of disruptions are simulated in order to test an organization’s cyber capabilities, from being able to detect a security incident to the ability to respond appropriately and minimize any related impact.

Pacific

The Pacific is no easy terrain. The Pacific is characterised by its remoteness from mainland Australia and New Zealand, and Southeast Asia with many small island economies scattered across an area the size of half the Asian continent. Yet, the region is bustling with innovative entrepreneurs and people are embracing the digital future at a rate much faster than some Pacific island governments can regulate or understand. As large part of this is raising cybersecurity awareness, of which there are several initiatives in the region.

CERT Tonga

This October CERT Tonga collaborated with Tonga Women in ICT (TWICT) to mark the cyber security awareness month. The awareness sessions focused on talks to the schools to present Tonga’s cybersecurity threats, the services provided by CERT Tonga what the cyber security tips are which will help them be safe, secure online and secure their devices too. CERT Tonga is planning a big event for next year and the focus from here onwards is to get sponsor/donor to support in hosting this event. The current cyber threats faced are scam and phishing emails therefore CERT Tonga provides advice to constituents through social media posts on Facebook and Twitter for the public to be aware of.

CERT Samoa

The Samoa Cyber Emergency Response Team (SamCERT) is running various cyber security awareness activities throughout October. As a new CERT, this is its first attempt since establishment under the theme of “Cyber Smart Samoa” to demonstrate the need to be visual to the community and making sure that it is all about the people of Samoa. In reaching out to the community, SamCERT started with cyber radio talkback every day at 10am every morning since the first week of October. The sessions follow four themes which are in line with those promoted throughout the Pacific – upsizing passwords, upgrading to two factor authentication, updating apps and software and, upholding privacy. The main event was a Hackathon where businesses, academia and schools were invited to participate in a coding activity where the winner would develop the SamCERT website. The Hackathon is called SamHACK pronounced ‘smack’ as we all need to wake up, that cyber incidents are real.

The Government of Samoa and its development partners through the Department of Foreign Affairs and Trade Australia and, the Ministry of Foreign Affairs and Trade New Zealand, its regional partners CERTNZ, GFCE and, the Samoa Information Technology Society (SITA) are all standing together to support Samoa’s fight against cybersecurity issues. SamCERT is a young division under the Ministry of Communications and Information Technology. The Ministry is using the opportunity to provide a leading role in promoting this area and, supporting the overall vision: “For all citizens of Samoa, tourists, businesses, and Government to enjoy the full benefits of a secure and resilient cyber space.”

Amongst the various cybersecurity awareness initiatives of the region, these were highlighted:

1. Cyber Smart Tonga
   For Cyber Month, each week a topic is chosen to focus on e.g –  “strengthening your password/upsize your password” security tips are updated twice a week focusing on the selected topics, and disseminated security advices such as Security Bulletin & advisory to both social media platforms. This year CERT Tonga will be collaborating with Tonga Women in ICT (TWICT)conducting awareness session to schools.
2. Cyber Smart Pacific
   The campaign Cyber Up Pacific began on  17^th October. Its look, feel and messaging were developed collaboratively between the awareness working group members and CERT NZ to encourage and engage people across the Pacific to be more secure online. Done through four key steps: Upsize passwords, Upgrade to two-factor authentication, Update apps and devices and Uphold your privacy.
3. Vanuatu IGF Awareness campaign
   In the next two weeks the Vanuatu IGF team will be travelling up north to Malo Island, which is 40 minutes flight from Port Vila to Santo and then 1 hour boat ride to get there to visit 5 schools and 17 communities to talk about online safety. A recent adventurous trip to Ambrym Island was planned for 2 weeks, and on the day the team was supposed to return, the domestic pilots went on strike, there were no flights to/from that island. The team did not wait and instead for 2 hours caught a ride on a banana boat to get to the west side of the island, spent one night there and then early the next morning at 4 am, caught a banana boat from Ambrym to Malekula which is about 4 hours and from there coincidently lucky a plane happened to be at the airport and they forced our way to catch the last seat to get back to Port Vila…some of these adventures are used as stories when talking about internet safety to people in our communities. Overall on that trip, over 2,500 students and people in the communities engaged with.