ICPAU webinar on cybersecurity and IT risks: are you secure online?

In mid-June 2020, someone called requesting my help to recover his personal Gmail address that had been hacked. You could hear his desperate voice on the other end of the call. He explained that since the coronavirus pandemic, board members had decided to send all official documents and board packs to several preferred emails of each board member.

“Can you recover my Gmail password and get it from the hackers? I am afraid they are going to see all the board papers and details, which will be catastrophic,” he said.

Any victim of cybercrime needs their service restored as soon as possible. But it is not that easy. One must have practiced appropriate cyber hygiene to make the process easier. Online privacy and security are top priorities for all tech providers like Google, Apple, Facebook, Microsoft, and others. Many now provide multi-factor authentication. On any social media account or cloud email, you will find two-factor authentication ready. However, individual users must take an interest in their security settings and enable the setup within their profiles for improved security and protection against hackers.

Few people make use of the security features available on many online platforms like Gmail. People rarely set up two-factor authentication, which facilitates password recovery via a code sent to their mobile phone.

Failure to implement such setups makes it easy for hackers to exploit their accounts quickly.

When the Institute of Certified Public Accountants of Uganda invited me to speak to its members about cybersecurity on 29th July 2020, I was elated. Accountants are custodians of financial resources. As ICT infrastructure spending for both hardware and software increasingly takes the lion’s share of the budget, accountants and finance officers must understand how to optimize the investment as well as protect the asset from loss due to cyber breaches and from becoming outdated due to poor technology choices or software investments.

Below is a summary of my presentation to accountants about cybersecurity.

  1. Security is everyone’s responsibility
  2. In the next two hours, you are going to learn about why cybersecurity matters to you, the common attack vectors in Uganda, and the next steps. You will see a live demo of the keylogger, phishing, and other common security breaches.
  3. To understand the profile of the members on this webinar, please take one minute to complete this quiz: https://www.summitcl.com/cyber-hygiene-2020/ How much do you estimate Uganda loses annually to cybercrime incidents? Below are the results of the attendance survey taken during the webinar. About 250 people attending the live webinar completed the survey. The results are in Figure 1 and Figure 2. Figure 1 shows that 64% of the members are managers, and 10% are at the shareholder or founder level, making this the right audience, since a cybercrime plan must be driven from the top, just like all other critical initiatives. In Figure 2, about 43% of the members indicated they do not know the cost of fraud, and 27% reported that the loss due to cybercrime is less than Ugx. 5m (about US $1,370). The challenge with cybercrime incidents is that, as with rape, many victims prefer to keep quiet and not report anything at all. Also, many companies lack mechanisms for cybercrime reporting, which makes people fail to understand the problem of fraud.
  4. The worst problem is the one you do not recognize. You cannot treat an illness you do not know you have. And that is what makes cybercrime a problematic monster to manage.
Figure 1: composition of webinar attendees
Figure 2: Estimated Annual loss due to cybercrime

5. You must be concerned about cybercrime regardless of your profession. The average cost of cybercrime incidents to organizations is US $13.0m globally as of today. The average cost of a single phishing incident is US $17,700; compare this to the average cost of a single bank robbery/theft incident, which is just US $8,100.

6. According to the Uganda police cybercrime report, there were 248 cybercrime cases in 2019, leading to an estimated loss of Ugx. 22.4 billion, compared to 198 cases in 2018 with a total loss of Ugx. 610 million. The average cost per case continues to rise tremendously due to increasing attack vectors and the sophistication of cybercriminals.

Figure 3: Uganda police cybercrime report 2019

7. In Figure 3, electronic fraud accounts for over 68 cases. These are expected to continue rising.

8. Listen to the complete presentation below. You will also watch the demo.

9. To download the PPT: ICPAU-Cybersecurity-IT-Risks-Webinar.pdf

10. The second short survey, which was not answered due to time, is at Link to the Survey. I request that you take a few minutes and complete this survey now.

After the presentation, members asked so many questions. These are detailed below:

Question 1:

With the threat of cybercrime (to businesses), it is clear there needs to be a shift in the conversation if any real improvements are to take place. But what happens if questions about cybersecurity are not raised? Do businesses need to have trained (and designated) information security experts as part of the staff, or is a third-party trusted information security and risk advisor adequate? Asked by Ajionzi Maurice


Many companies have now focused on board diversity in terms of skills. Boards have a slot for cybersecurity professionals. Where this is not possible, boards have an option for a technical advisor who may be co-opted on the board to help with matters to do with ICT investment and cybersecurity. Besides, many companies now have expert advisors to guide EXCO as independent experts to complement the internal ICT team. In simple terms, consider:

  a) Employing an Information Security Expert on a retainer (independent of the organization’s staff), or
  b) Working with trusted information security & risk advisors, through security as a service.

For detailed questions and answers

Copyright Summit Consulting Ltd, 2020. All rights reserved.
