I once used to conduct security assessments at some public institutions in Ghana. They were usually routine security assessments: just checking to see what security measures had been implemented on some users’ computers and devices.
One time, I was checking out at a user’s workstation. I pressed a button on their keyboard and their computer monitor came on displaying the login screen. That seemed adequate enough.
But then I flipped over the keyboard at their desk and found a piece of paper. On that piece of paper was their login credentials. I typed it in and I had access to their workstation.
That might not seem so harmless but I have more nightmare stories about lack of security awareness at Ghanaian companies. Sometimes users don’t even have password locks or login screens on their computers. There is a wide practice of USB sticks being passed around from laptops to desktops without checks performed by Antivirus software. Sometimes, these antivirus softwares are outdated.
Even worse, users are just too passive when it comes to downloading files online and even opening attachments when going through their emails without verifying the source of the sender.
Security seems like an afterthought in some Ghanaian institutions. But with the recent cyberattack, we have no excuse to be passive.
WannaCry Ransomware
On 12 May 2017, a hacker group released a ransomware program called WannaCry which affected computers worldwide.
When the program was activated, it encrypts a computer’s data and then spreads out to other random computers on the internet. The program displays a message informing the affected user that their files have been encrypted and demands a payment of $300 in bitcoin within three days. Failure to make payment within the time specified will result in the user’s files being encrypted forever.

This attack has had far reaching implications. The attack affected many National Health Service hospitals in England and Scotland and up to 70,000 devices — including computers, MRI scanners, blood-storage refrigerators and theatre equipment — were affected.
Nissan, one of Europe’s most productive car manufacturing plants, was affected by the attack and had to halt production.
The TechNova website was temporally offline because apparently, one of the host servers was affected.
Thankfully, the problem has been resolved for the time being thanks to an emergency patch released by Microsoft. But experts say that this might be the beginning
Security Conscious
If a ransomware software was able to slow down companies in Europe, what chance do we have in Ghana?
It doesn’t seem like most companies take security as serious as they should. It only seems like an afterthought. I know for a fact that many IT departments aren’t as resourced as they should be and many don’t adequate IT security measures in place.
I feel like its only a matter of time before we get hit with something major which effectively shuts down most of the operations in Ghana.
Users need to be more security conscious. They need to be up to date with the latest security updates and keep their operating systems updated. Hackers are getting more efficient and sophisticated with their attacks.
I don’t feel like we’re ready for what comes next. When the next cyberattack comes and Ghana gets hit, it might be too late to fix the problem.