Cybersecurity in Ethiopia

Survey: Cybersecurity Questionnaire

With the growing prosperity and digitization, comes new risks and vulnerabilities that could undermine progress. Chief among these is the rise of cybercrime. According to the Information Network Security Agency (INSA), cyber-attacks in Ethiopia has become a major threat to economic development and national security. According to the Agency, 40% of all cyber-attacks in Ethiopia targeted websites and the remaining targeted key infrastructure facilities as well as hacking attempts on public and private entities. Further, in the past few days, it has been widely reported that hackers based in Egypt carried out a cyber-attack aiming at Ethiopia to create a multi-faceted pressure on Ethiopia in connection with the filling and operation of the Grand Ethiopian Renaissance Dam (GERD).

Our mission is to be the forefront leader in tackling cybercrime in Ethiopia. We do this by way of creating a cyber resilience business framework, raising awareness among key stakeholders including security professionals, and building skills among the youth to protect Ethiopian core infrastructures, information, and its related systems. This survey will assist us in gathering information and understanding the state of cybersecurity in Ethiopia. We would like to thank you in advance for filling this survey.

Question Title

* 1. Please choose the primary industry or field in which your organization provides services

Other (please specify)

Question Title

* 2. Select the security topics that you are interested in (select all that apply) and rate your familiarity with each topic (scale ranges from 1 - 5; 1 = not familiar, 5 = extremely familiar).

	1	2	3	4	5	N/A
Desktop ( Laptop ) Security	Desktop ( Laptop ) Security 1	Desktop ( Laptop ) Security 2	Desktop ( Laptop ) Security 3	Desktop ( Laptop ) Security 4	Desktop ( Laptop ) Security 5	Desktop ( Laptop ) Security N/A
Network Security	Network Security 1	Network Security 2	Network Security 3	Network Security 4	Network Security 5	Network Security N/A
Vulnerability/Penetration Assessment	Vulnerability/Penetration Assessment 1	Vulnerability/Penetration Assessment 2	Vulnerability/Penetration Assessment 3	Vulnerability/Penetration Assessment 4	Vulnerability/Penetration Assessment 5	Vulnerability/Penetration Assessment N/A
Email Security	Email Security 1	Email Security 2	Email Security 3	Email Security 4	Email Security 5	Email Security N/A
Web Security	Web Security 1	Web Security 2	Web Security 3	Web Security 4	Web Security 5	Web Security N/A
Incident/Risk Management	Incident/Risk Management 1	Incident/Risk Management 2	Incident/Risk Management 3	Incident/Risk Management 4	Incident/Risk Management 5	Incident/Risk Management N/A
Cyber Insurance	Cyber Insurance 1	Cyber Insurance 2	Cyber Insurance 3	Cyber Insurance 4	Cyber Insurance 5	Cyber Insurance N/A

Question Title

* 3. If you already have a cybersecurity program in place, is it: (Select all that apply)

In house

Outsourced / Through a managed service

No security program in place

Don’t know

Other (please specify)

Question Title

* 4. How confident are you in your organization’s overall cybersecurity posture? (select one)

Extremely confident

Very confident

Moderately confident

Slightly confident

Not at all confident

Question Title

* 5. How would you rate your organization’s overall ability to resist cyber threats in each of the following areas? (scale ranges from 1 - 5;1 = low, 5 = high).

	1	2	3	4	5	N/A
Web applications	Web applications 1	Web applications 2	Web applications 3	Web applications 4	Web applications 5	Web applications N/A
Cloud applications or platforms (e.g., IaaS, PaaS, SaaS)	Cloud applications or platforms (e.g., IaaS, PaaS, SaaS) 1	Cloud applications or platforms (e.g., IaaS, PaaS, SaaS) 2	Cloud applications or platforms (e.g., IaaS, PaaS, SaaS) 3	Cloud applications or platforms (e.g., IaaS, PaaS, SaaS) 4	Cloud applications or platforms (e.g., IaaS, PaaS, SaaS) 5	Cloud applications or platforms (e.g., IaaS, PaaS, SaaS) N/A
Legacy applications	Legacy applications 1	Legacy applications 2	Legacy applications 3	Legacy applications 4	Legacy applications 5	Legacy applications N/A
Datacenter hardware (i.e.,physical or virtualized computer systems hardware)	Datacenter hardware (i.e.,physical or virtualized computer systems hardware) 1	Datacenter hardware (i.e.,physical or virtualized computer systems hardware) 2	Datacenter hardware (i.e.,physical or virtualized computer systems hardware) 3	Datacenter hardware (i.e.,physical or virtualized computer systems hardware) 4	Datacenter hardware (i.e.,physical or virtualized computer systems hardware) 5	Datacenter hardware (i.e.,physical or virtualized computer systems hardware) N/A
Network Perimeter (i.e., including consideration of devices such as firewalls, switches, routers, or wireless access points)	Network Perimeter (i.e., including consideration of devices such as firewalls, switches, routers, or wireless access points) 1	Network Perimeter (i.e., including consideration of devices such as firewalls, switches, routers, or wireless access points) 2	Network Perimeter (i.e., including consideration of devices such as firewalls, switches, routers, or wireless access points) 3	Network Perimeter (i.e., including consideration of devices such as firewalls, switches, routers, or wireless access points) 4	Network Perimeter (i.e., including consideration of devices such as firewalls, switches, routers, or wireless access points) 5	Network Perimeter (i.e., including consideration of devices such as firewalls, switches, routers, or wireless access points) N/A
End-user devices (e.g., desktops or laptops)	End-user devices (e.g., desktops or laptops) 1	End-user devices (e.g., desktops or laptops) 2	End-user devices (e.g., desktops or laptops) 3	End-user devices (e.g., desktops or laptops) 4	End-user devices (e.g., desktops or laptops) 5	End-user devices (e.g., desktops or laptops) N/A
Mobile end-user devices (e.g., mobile phones or tablets)	Mobile end-user devices (e.g., mobile phones or tablets) 1	Mobile end-user devices (e.g., mobile phones or tablets) 2	Mobile end-user devices (e.g., mobile phones or tablets) 3	Mobile end-user devices (e.g., mobile phones or tablets) 4	Mobile end-user devices (e.g., mobile phones or tablets) 5	Mobile end-user devices (e.g., mobile phones or tablets) N/A
User awareness, training, and experience	User awareness, training, and experience 1	User awareness, training, and experience 2	User awareness, training, and experience 3	User awareness, training, and experience 4	User awareness, training, and experience 5	User awareness, training, and experience N/A

Question Title

* 6. Select all of the applicable negative impacts that security incidents have had on your organization in the past 12 months.

Loss of revenue

Loss of business opportunities

Disruption of business operations

Increase in helpdesk time to remediate

Lawsuits or other legal issues

Corporate data loss or theft

Compromise of systems integrity

Don’t know/unsure

None

Other (please specify)

Question Title

* 7. Select all of the barriers that may inhibit your organization from adequately defending against cyber threats.

Low levels of security awareness, training, and experience among organizational members

Lack of skilled cyber, infrastructure, or information security personnel

Lack of budget

Lack of management support/awareness

Lack of effective solutions available in the market

Inability to justify additional investment

None

Not sure

Other (please specify)

Question Title

* 8. Does your organization currently perform security control validation? Please select all applicable

Antivirus

Endpoint Detection and Response (EDR)

Application Control

Password/privilege

NextGen Firewall/IPS/IDS

Network Access Control (NAC)

Email protection

Cloud service

None

Other (please specify)

Question Title

* 9. Select the remote access features that your organization utilizes:

Citrix

Remote Desktop

Webmail

Web-VPN

SSL-VPN

None

Other (please specify)

Question Title

* 10. Regarding your remote access system(s), how satisfied are you with:

	Extremely satisfied	Very satisfied	Somewhat satisfied	Not so satisfied	Not satisfied at all	N/A
Usability	Usability Extremely satisfied	Usability Very satisfied	Usability Somewhat satisfied	Usability Not so satisfied	Usability Not satisfied at all	Usability N/A
Speed/Performance	Speed/Performance Extremely satisfied	Speed/Performance Very satisfied	Speed/Performance Somewhat satisfied	Speed/Performance Not so satisfied	Speed/Performance Not satisfied at all	Speed/Performance N/A
Accessibility	Accessibility Extremely satisfied	Accessibility Very satisfied	Accessibility Somewhat satisfied	Accessibility Not so satisfied	Accessibility Not satisfied at all	Accessibility N/A
Device support	Device support Extremely satisfied	Device support Very satisfied	Device support Somewhat satisfied	Device support Not so satisfied	Device support Not satisfied at all	Device support N/A
Customer support	Customer support Extremely satisfied	Customer support Very satisfied	Customer support Somewhat satisfied	Customer support Not so satisfied	Customer support Not satisfied at all	Customer support N/A

Question Title

* 11. To what extent does your budget have an impact on the security solutions you are purchasing?

Extremely

Very

Somewhat

Not so

Not at all

N/A

Question Title

* 12. How is your security budget changing in the next 12 months? (Select one and please specify by what percentage?)

Increase

Unchanged

Decrease

Not sure

Question Title

* 13. If the following security solutions are affordable

	Definitely would buy	Probably would buy	Might or might not buy	Probably would not buy	Definitely would not buy	N/A
Antivirus	Antivirus Definitely would buy	Antivirus Probably would buy	Antivirus Might or might not buy	Antivirus Probably would not buy	Antivirus Definitely would not buy	Antivirus N/A
Endpoint Detection and Response (EDR)	Endpoint Detection and Response (EDR) Definitely would buy	Endpoint Detection and Response (EDR) Probably would buy	Endpoint Detection and Response (EDR) Might or might not buy	Endpoint Detection and Response (EDR) Probably would not buy	Endpoint Detection and Response (EDR) Definitely would not buy	Endpoint Detection and Response (EDR) N/A
Application Control	Application Control Definitely would buy	Application Control Probably would buy	Application Control Might or might not buy	Application Control Probably would not buy	Application Control Definitely would not buy	Application Control N/A
Password/Privilege Management	Password/Privilege Management Definitely would buy	Password/Privilege Management Probably would buy	Password/Privilege Management Might or might not buy	Password/Privilege Management Probably would not buy	Password/Privilege Management Definitely would not buy	Password/Privilege Management N/A
Firewall NextGen ( IPS/Antibot/Antivirus)	Firewall NextGen ( IPS/Antibot/Antivirus) Definitely would buy	Firewall NextGen ( IPS/Antibot/Antivirus) Probably would buy	Firewall NextGen ( IPS/Antibot/Antivirus) Might or might not buy	Firewall NextGen ( IPS/Antibot/Antivirus) Probably would not buy	Firewall NextGen ( IPS/Antibot/Antivirus) Definitely would not buy	Firewall NextGen ( IPS/Antibot/Antivirus) N/A
Network Access Control ( NAC )	Network Access Control ( NAC ) Definitely would buy	Network Access Control ( NAC ) Probably would buy	Network Access Control ( NAC ) Might or might not buy	Network Access Control ( NAC ) Probably would not buy	Network Access Control ( NAC ) Definitely would not buy	Network Access Control ( NAC ) N/A
Email Security	Email Security Definitely would buy	Email Security Probably would buy	Email Security Might or might not buy	Email Security Probably would not buy	Email Security Definitely would not buy	Email Security N/A
Phishing Drill	Phishing Drill Definitely would buy	Phishing Drill Probably would buy	Phishing Drill Might or might not buy	Phishing Drill Probably would not buy	Phishing Drill Definitely would not buy	Phishing Drill N/A
Employee training	Employee training Definitely would buy	Employee training Probably would buy	Employee training Might or might not buy	Employee training Probably would not buy	Employee training Definitely would not buy	Employee training N/A
Incident Management	Incident Management Definitely would buy	Incident Management Probably would buy	Incident Management Might or might not buy	Incident Management Probably would not buy	Incident Management Definitely would not buy	Incident Management N/A
Risk Management	Risk Management Definitely would buy	Risk Management Probably would buy	Risk Management Might or might not buy	Risk Management Probably would not buy	Risk Management Definitely would not buy	Risk Management N/A
Cyber Insrance	Cyber Insrance Definitely would buy	Cyber Insrance Probably would buy	Cyber Insrance Might or might not buy	Cyber Insrance Probably would not buy	Cyber Insrance Definitely would not buy	Cyber Insrance N/A

Other (please specify)

Question Title

* 14. Which of the following areas does your organization plan to invest over the next 12 months (select all that applies)?

Web Application

Cloud application (SaaS, IaaS, PaaS)

Datacenter ( Physical and Virtual )

Network Perimeter ( Firewall, Switch, Router )

Desktop (Laptop) security

Vulnerability management

Penetration testing

Mobile Phone

Incident Respone

Risk Management

Cyber Insurance

Train and/or certify existing IT staff to become security experts

Partner with a managed services provider who will provide the resources

Add security staff headcount

No change

Not sure

Question Title

* 15. What is your organization’s approximate annual IT security spend as a percentage of overall IT budget (excluding headcount)?

10 %

20%

30%

40%

Above 40%

Not sure

Other (please specify)

Question Title

* 16. Who ultimately determines the security spend in your organization? (select one)

Board

CEO/President

CFO

CIO

CISO

Security Leader

Other (please specify)

Question Title

* 17. Does your organization conduct phishing drills?

If yes, how often?

If no, when you expect to do so?

Question Title

* 18. Are your employees and contractors required to attend security training?

If yes, how often

If no, when do you expect to start security training for employees?

Question Title

* 19. Does your organization have an external vendor perform penetration tests?

If yes, please specify:

If no, then when do you expect to do so?

Question Title

* 20. Is there a formal incident and risk management program in place?

If yes, how often do you perform tabletop

If not, when do you expect to have it?

Question Title

* 21. What antivirus product does your organization use?

Please specify:

If your organization does not currently use antivirus products, when do you plan on procuring and deploying antivirus products? If any, what products are you considering?

Question Title

* 22. What kind of application control do you use?

Please specify:

If your organization does not currently use application control, when do you plan on procuring and deploying application control products? If any, what products are you considering?

Question Title

* 23. What kind of endpoint detection and response program (i.e., EDR program) does your organization use?

Please specify:

If your organization does not currently use EDR products, when do you plan on procuring and deploying EDR products? If any, what products are you considering?

Question Title

* 24. What kind of NextGen Firewall/IPS/IDS system do you use?

Please specify:

If your organization does not currently use NextGen Firewall/IPS/IDS products, when do you plan on procuring and deploying NextGen Firewall IPS/IDS products? If any, what products are you considering?

Question Title

* 25. What kind of remote access system does your organization use?

Please specify:

If your organization does not currently use remote access system, when do you plan on procuring and deploying a remote access system? If any, what products are you considering?

Question Title

* 26. What kind of Network Access Control (NAC) does your organization use?

Please specify:

If your organization does not currently use Network Access Control (NAC) products, when do you plan on procuring and deploying Network Access Control (NAC) products? If any, what products are you considering?

Question Title

* 27. What kind of internal and external vulnerability management system does your organization use?

Please specify

If your organization does not currently use vulnerability managment products, when do you plan on procuring and deploying vulnerability management products? If any, what products are you considering?

Question Title

* 28. What kind of Cloud service does your organization use?

Please specify

If your organization does not currently use Cloud services, when do you plan on procuring and deploying Cloud services? If any, what kind of Cloud services are you considering?

Question Title

* 29. What kind of Email protection system do you use?

Please specify:

If your organization does not currently use Email protection products, when do you plan on procuring and deploying Email protection products? If any, what products are you considering?

Question Title

* 30. If you want us to contact you further to discuss your security architecture, please fill the information below and submit. ( You can also send us an email to info@cyberGasha.com ). All personal and contact information collected from this survey will not be associated with the answers you have provided so far and will only be used for communication purposes.

Name:

State:

Country:

Job Title:

Company:

Company size:

Email address:

Page1 / 1

100% of survey complete.