The Cyber Security Authority (CSA) has warned universities and other operators of Critical Information Infrastructure (CII) in Ghana to enhance their cybersecurity measures and adhere to the nation’s Directive for the Protection of CII, following a recent cyberattack on the University of Nottingham in the United Kingdom.
In a press release dated June 16, the Authority indicated that this incident should act as a wake-up call for educational institutions and other critical sectors throughout the country.
“The University of Nottingham incident should serve as a reminder that no educational institution, regardless of its size, reputation, or technological sophistication, is immune to cyber threats,” the CSA stated.
The Authority reported that the attack is estimated to have impacted around 450,000 students and alumni, compromising sensitive data, including personal records, contact details, student identification information, and financial data.
The CSA emphasised that although the breach took place outside of Ghana, its repercussions are significant for the nation’s education sector and other critical industries.
“While the breach may have occurred thousands of miles away from Ghana, its implications are relevant to our education sector and other CII sectors, such as Health, Telecommunications, and Transportation,” the statement said.
The Authority noted that Ghanaian universities are experiencing rapid digital transformation, with the increasing prevalence of student information systems, online learning environments, cloud services, digital payment platforms, and research collaborations.
While these advancements have enhanced efficiency and accessibility, the CSA cautioned that they have also created more opportunities for cybercriminals.
“The question is therefore not whether Ghanaian universities or other critical sectors will be attacked, but whether they are sufficiently prepared when an attack occurs,” the statement added.
Consequently, the CSA urged all owners of Critical Information Infrastructure, especially educational institutions, to adhere to the Directive for the Protection of CII, which was introduced in October 2021.
According to the Authority, this directive is part of regulatory measures designed to bolster cybersecurity across critical sectors and ensure the safeguarding of essential services and national interests.
“Recognising the growing threat landscape, the CSA has developed regulatory frameworks aimed at strengthening cybersecurity across critical sectors,” the statement said.
It further stated that “the CII Directive seeks to ensure that operators of critical digital systems implement appropriate safeguards to protect essential services and national interests.”
The Authority indicated that the directive encourages organisations to establish cybersecurity governance structures, perform risk assessments, implement security controls, report incidents, conduct regular audits, and develop strong incident response capabilities.
The CSA urged institutions to adopt proactive measures to enhance their cyber resilience and protect critical digital infrastructure from emerging threats.
Read the full statement below
