Financial Crime World

Namibia’s Cybersecurity Lacking: USSD Codes Expose Financial Services to Threats

Widespread Use of USSD Codes in Africa

A recent report by the GSM Association highlights the widespread use of Unstructured Supplementary Service Data (USSD) codes in accessing financial services, especially on feature phones. In Africa, a staggering 90% of mobile money transactions are still driven by USSD.

Security Concerns with USSD

However, security testing for USSD has revealed significant threats and vulnerabilities, including remote unauthorized access to and tampering with mobile devices. This highlights the need for better cybersecurity measures in Namibia and other African countries.

Lack of a National Center for Cybersecurity in Namibia

In Namibia, the lack of a national center for identifying vulnerabilities and threats, communication to stakeholders, and continuous monitoring of threats, attacks, and vulnerabilities is a major concern. This has led to a thriving cyber crime ecosystem, hindering digital expansion and growth in the country.

Private Sector Efforts to Fill the Gap

The private sector is attempting to fill this gap by providing some threat analysis and monitoring services through secure operation centers (SOCs) and security information and event management platforms. However, these services are limited and not included by default in most organizations.

Cybersecurity Awareness is a Major Issue in Namibia

Cybersecurity awareness is also a major issue in Namibia, with low levels of awareness among rural and limited-access populations. The Fiber to the Village project has increased access to cyberspace, but this has also led to an increase in cyber risks. Prior internet exposure in rural communities is low, making inhabitants extremely vulnerable when they come online.

Country’s Overall Security Maturity

The country’s overall security maturity in terms of awareness is extremely low, with organizations, especially micro- to medium enterprises, inadequately prepared to guard against a growing cyber crime ecosystem. This has led to Namibia being considered one of the most exposed countries in Africa.

Government’s Response: National Cybersecurity Strategy and Awareness Creation Plan

In response, the government has launched the National Cybersecurity Strategy and Awareness Creation Plan, which aims to protect critical information infrastructure, educate the public, and collaborate with public and private entities on cybersecurity. The plan targets various sectors, including:

  • Government employees
  • Schools
  • General public

Implementation of the Plan

The implementation of the plan began with a memorandum of understanding between the government and Namibian company SALT Essential IT for an initial five-year period to develop and deliver cybersecurity training to the government sphere.

Multi-Stakeholder Approach Needed

Experts warn that raising awareness is only one building block for an improved security posture, and a meshed approach is required that includes partnerships with the private sector for the development of secure applications and infrastructure. Targeted solutions are needed to build up security nationally, especially in light of Namibia’s low levels of digital inclusion and literacy.

Conclusion

Namibia’s cybersecurity landscape is lacking, exposing financial services and other sectors to significant threats. The government’s National Cybersecurity Strategy and Awareness Creation Plan is a step in the right direction, but more needs to be done to build up security nationally and protect against the growing threat of cyber crime.