Financial Crime World

Here is the converted article in markdown format:

Morocco’s Cybersecurity Efforts: A Growing Concern for National Security

In recent years, the Moroccan government has taken concrete steps to strengthen the country’s cybersecurity posture. In 2016, King Mohammed VI materialized the national directive for the security of information systems developed by the General Directorate for Information Systems Security (DGSSI), which applies to all information systems of administrations, public bodies, and critical structures.

Enhancing Cybersecurity Standards

The DGSSI has issued various directives aimed at enhancing cybersecurity standards in Morocco. For instance, Directive No. 3/W/16 outlines essential regulations that credit institutions must adhere to when performing penetration tests on their information systems.

Global Ranking

In 2017, the second edition of the Global Cybersecurity Index (GCI) ranked Morocco 49th globally and 4th in Africa. While this ranking improved over the years, Morocco still faces significant challenges in terms of cybersecurity. The ITU’s latest GCI report, published in June 2021, placed Morocco in 50th position out of 182 countries.

Progress and Challenges

Despite these challenges, Morocco has made notable progress in recent years. In 2018, PwC-Maroc published the first ‘Global State of Information Security® Survey – Focus Morocco,’ which revealed that most Moroccan companies are aware of cybersecurity challenges and are investing in robust cybersecurity solutions. However, compliance remains a major obstacle.

Reference Framework for Audit Service Providers

In 2020, the DGSSI established a reference framework for audit service providers, aimed at consolidating requirements for their accreditation. This move is expected to enhance trust and confidence in the cybersecurity landscape.

Impact of COVID-19

The COVID-19 pandemic has accelerated the shift towards remote work, exposing Morocco’s organizations to increased cybersecurity risks. In response, the government has enacted laws aimed at strengthening information security, such as Law 05-20, which recommends entities adhere to minimum rules and security measures to ensure the reliability and resilience of their information systems.

Maturity Assessment

The DGSSI and the Global Cyber Security Capacity Centre at the University of Oxford recently conducted a maturity assessment of Morocco’s cybersecurity capacity using the Cybersecurity Capacity Maturity Model (CMM). The analysis revealed that five dimensions need to be considered:

  • Developing a cybersecurity policy and strategy
  • Promoting a responsible culture and society in cybersecurity
  • Enhancing knowledge and capabilities in cybersecurity
  • Establishing effective legal and regulatory frameworks
  • Managing risks through standards and technologies

International Cooperation

In 2022, Morocco signed the 2nd Additional Protocol to the Budapest Convention on Cybercrime, aimed at strengthening cooperation and the disclosure of electronic evidence. The country has also partnered with international organizations, such as Deloitte Morocco Cybersecurity Center (MCC) and the Mohammed VI Polytechnic University (UM6P), to promote research and development in cybersecurity.

Challenges and Recommendations

Despite these efforts, Morocco still faces significant challenges in terms of cybersecurity. Some of the key challenges include:

  • Lack of awareness and education about cybersecurity threats and best practices
  • Shortage of skilled and well-trained workforce to combat evolving cyber threats
  • Budget constraints for small and medium-sized enterprises (SMEs) and public institutions
  • Regulatory and compliance gaps
  • Cross-border threats, including limited international agreements and varying legal frameworks among countries
  • Legacy systems that rely on outdated technology
  • Growth of cybercrime, including ransomware attacks, social engineering attacks, and financial frauds

To enhance cybersecurity wellness in Morocco, a holistic approach involving individuals, businesses, government agencies, and cybersecurity professionals is crucial. Some recommendations include:

  • Promoting awareness and education about cybersecurity threats and best practices through public campaigns and training programs
  • Developing a skilled and well-trained workforce to combat evolving cyber threats
  • Encouraging public-private partnerships to share resources and expertise in cybersecurity
  • Strengthening regulatory frameworks and compliance measures
  • Implementing effective incident response planning and preparedness measures
  • Collaborating with international organizations to address cross-border threats

By addressing these challenges and recommendations, Morocco can enhance its cybersecurity posture and protect its critical infrastructure from cyber threats.