CTO Fellowship Report Presentation - Lusungu Mkandawire

Good practices for combating Cybercrime in Malawi

London, UK

15 December 2016

Lusungu Mkandawire

Information Security Manager

Airtel

Outline

• Overview of the assignment

• Good Practices for combating Cybercrime

• Cybercrime landscape of Malawi

• Commonly perpetrated cybercrimes in Malawi

• Challenges in fighting cybercrime in Malawi

• Conclusion

• Recommendations

Overview of the Assignment

Program Objectives and Activities

Study the Cybercrime projects in Nigeria, Bangladesh and Pakistan, identify replicable good practices and develop a compendium. Carry out a desk-based research supplemented by consultations with relevant organizations such as the GSM Association (an association of telecom operators) and the Internet Watch Foundation for further guidance and update the compendium. Survey the Cybercrime landscape of Malawi in consultation with the telecommunications regulator of Malawi (MACRA), and identify the types of Cybercrime commonly perpetrated along with the key challenges in tackling Cybercrime in Malawi. Create a customized good practice guide for Malawi and a national plan of implementation.

Good practices for combating Cybercrime

Legal Measures

Technical Measures

Organizational Structures

Capacity Building

International Cooperation

Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff,

desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)

Good practices for combating Cybercrime

Legal Measures

Comprehensive ICT security legislation.

Effective stakeholder

collaboration.

Preservation of Electronic evidence.

International collaboration.

Liability of service

provider.

Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)

Technical Measures

Detecting and

investigating cybercrime.

Integrity of evidence.

Technical protection systems.

Cyber secure culture.

Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)

Good practices for combating Cybercrime

Organizational Structures

Executive management sponsorship.

Computer Security Incident

Response Team (CSIRT)

Accountability and

responsibility

Involvement of the private sector and the

civil society

Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)

Good practices for combating Cybercrime

Capacity Building

Cyber security

skills and training

User education

and Awareness

Cyber Security

Innovation

National Culture of

Cyber security

Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)

Good practices for combating Cybercrime

International Cooperation

Cross-border data flow

Harmonisation of laws

International treaties and conventions

Sources: initiatives by countries, previous work by the CTO including interviews with CTO staff, desktop research and work done by other entities (GSMA, IWF, Oxford CMM, ITU, ENISA, UN)

Good Practices for Combating Cybercrime

Cybercrime landscape of Malawi

• Population: ~16 million

• 49% with access to the internet

• 6 operators

• The internet sector has 50 licensed ISPs

• Mali: 72.1%, Madagascar: 74%, Malawi: 70%)

Sources: MACRA, ITU, CTO , World Internet Statistics

Cybercrime landscape of Malawi

• Malawi among bottom 15 of 133 countries for ICT networked readiness (WEF)

• Malawi among 20 most targeted countries globally, only second to Tanzania

• 2013: Government payments system (IFMS) was compromised (est. loss: $250m)

• 2015: official websites of the Malawi Government & official Malawi News Agency Websites down for five days due to hacking

Sources: World Economic Forum, 2013 .Check Point Software Technologies ,2015 , http://www.nyasatimes.com/ 2015, BBC

Commonly perpetrated cybercrimes in Malawi

Scams and Spam

Ransomware

Vishing/Phishing/ Pharming

Defamation/Harassment

Identity Theft

Hacking and Electronic Vandalism

Website defacement

Salami Attacks

Mobile Money Fraud

ATM Skimming

Fake lottery / inheritance

Money Laundering

Challenges in fighting cybercrime in Malawi

The borderless nature of the Cyberspace.

The anonymity provided the internet.

Lack of capacity by law enforcement agents.

The ineffectiveness of the Malawian common law to address cybercrime.

The absence of suitable legal frameworks to deal with cybercrime.

The lack of IT knowledge by the public.

Challenges in fighting cybercrime in Malawi

No organization for national incident response exists

Lack of anonymous reporting mechanisms for members of the public to report cybercrimes

A lack of electronic evidence laws or regulations

Privacy in tracking down cybercrime is being challenged

Lack of Cybercrime statistics and documentation.

Traditional investigation methods are not working against cybercrime.

Conclusion

• Technology is evolving every day, there are no perfect frameworks or technologies—that could be implemented to solve the problem from a long-term perspective.

• Efforts should be directed at identifying both current problems & new threats and predicting the risks posed by emerging technologies.

• Any approach to tackling cybercrime should be based on a common understanding that prevention, detection & implementation of countermeasures will be a continuous process of addressing new technological challenges.

It is necessary to take into account the complexity of

Recommendations for Malawi

Devising Cybercrime

policy & strategy

Creating effective legal & regulatory frameworks

Capacity building, to increase the effectiveness of

legal & regulatory frameworks

User education and Awareness

Use of modern technology in

tackling cybercrime

Risk-based approach to

tackling cybercrime

International cooperation

Industry collaboration

Adopt and ratify

international conventions.

Recommendations for Malawi

Establishing a National CERT

Establishing cross-sector

national body. (i.e. MACRA)

Adopt legislation to outlaw child pornography

Take a victim approach to prosecution

Harmonization of criminal laws

Anonymous reporting of cybercrimes

Specialised institutions

Clarify roles and responsibilities

Electronic evidence laws or regulations

Thank You! Lusungu Mkandawire

Lusungu.Mkandawire@airtel.com

+265999989153 www.linkedin.com/pub/lusungu-mkandawire/57/102/283

https://twitter.com/MLusungu