How well are North African countries doing in protecting digital systems from external threats?

A July 7 story in IT News Africa cites data from the second Global Cybersecurity Index for 2017 that was recently released by the International Telecommunications Union (ITU). The index measures how countries work on cybersecurity in terms of legal efforts, technical capabilities, capacity building and international partnerships.

The report gives Algeria a score of 0.432, and ranks it 68th globally. The report attributes the strength of Algeria’s effort to “officially recognized partnerships across borders” and the “sharing of secret security assets with other nation states.”

Morocco is ranked 49th globally, with a score of 0.541. It is credited with developing its own cybersecurity framework based on international standards.

Discussing these results with Maghreb News Wire on Sept. 21, senior business analyst and cybersecurity professional Bob Darvish warned against the practice of working internationally without certain defined limitations meant to protect national systems.

“You're trying to secure your systems from outside intrusion,” Darvish said. “One of the weaknesses I see is that anytime you partner your cybersecurity with another country, you're giving in to the other nation’s interests and motives.”

If a country partners with the U.S., Darvish said, they're likely to benefit from the relationship. However, other countries, he said, can be very risky partners. Darvish specifically mentioned the enormous hacking cultures rampant in China and India, and suggested that outsourcing there can cause major problems.

In general, Darvish said, countries need to avoid outsourcing cybersecurity, especially for government offices.

“You need to hire local and loyal cybersecurity professionals,” Darvish said. “It should not be outsourced.”

In fact, Darvish said, outsourcing to nations with known hacking communities is a disturbingly common practice. Darvish made the example of how Russian KGB agents would traditionally try to infiltrate IT systems. These days, Darvish said, spies and other shady actors are likely to get hired into access that will help them to get their hands on sensitive data.

“You’re literally defeating the purpose of cybersecurity to begin with,” Darvish said, adding that IT staff in general should always be vetted to control the chances of insider threats.

In the end, a high national ranking may mean a country has made progress, but most governments still have a lot to do when it comes to battening down the hatches and keeping hackers out.