2015 Africa’s cybercrime Survey

Posted on February 10, 2016 01:13 am

The average financial losses from cybercrime in Africa mainland climb to US$ $21 million in 2015, up 42 per cent from a year earlier, according to a survey by an international accounting firm. Internet users may account for less than 10 percent of Africa’s population of 1 billion plus but this is a continent where some Internet cafes provide cards for customers to hold cyber-transactions, thus opening the doors wide open to abuse. In fact, Interpol has already lodged at least 309 complaints with the various countries police concerning abuses of Internet transactions, mostly credit card fraud.Africa is a continent that does not have a law on cyber crime. “”So far, we have been able to handle less than 4 percent of those reported crimes,”” said one of the authors of the report whom i spoke to. When I asked him why, he said its because they’re difficult to handle. Very often, the victim is a card owner in Europe, Australia or United States, but the fraud has been committed via the Internet in Lagos, Nigeria. The thief has purchased goods from online shops in China, and asked that they be delivered to Lagos.Current and former employees are the most-cited culprits of security incidents.Results of the survey showed that 39 per cent of 22 African countries respondents said that former employees are the most likely inside source of security incidents.Besides the threats from current and former employees, 57 respondents said they believed that their competitors were among the prime suspects to commit cybercrime causing financial losses.”It is a quite common phenomenon especially in South Africa, Nigeria, Kenya and Egypt that a company suffers financial losses from detected security incidents that are conducted by their competitors,” said one of the researchers who was involved in the study.

“Financial losses due to the theft of trade secrets is astounding,” he said.He added that financial losses due to the theft of trade secrets are estimated to range from $50 billion to as high as $150 billion annually. “And if we base on a simple calculation using 5 per cent as the 20 respondents out of our total population of survey respondents, this would amount to $20 billion to $86 billion,” noted the report author.Security compromises are a persistent and pervasive business risk in Africa. Most such risks are exposed by outsiders, including law enforcement agencies and fraud monitoring agencies as well as consultants, the survey showed.Despite the high risks, security budgets have declined or remained the same in 2015. Many organizations are undoubtedly worried about the rising tide of cybercrime, yet many have not increased their level of investment in security initiative accordingly the report notes. African countries investment solutions budgets actually decreased by 3 per cent from 2014. And security spending as a percentage of the total IT budget has remained at 5 per cent or less in the past four years.Even though many respondents reported that they have data protection policies in place, they cited lack of a security strategy or vision as a main obstacle to an effective security programme.

Cape Town in South Africa is one of the top four cities in Africa where Cyber crime is rampant
Cape Town in South Africa is one of the top four cities in Africa where Cyber crime is rampant

To prepare for the cybercrime threats of tomorrow, the report authors said that a company should try to ensure that its cyber security strategy is aligned with business objectives and identify the most valuable information assets as well as prioritize protection of high-value data. What’s more, a company should understand its adversaries and assess cybersecurity of third parties.Collaborating with others to increase awareness of cyber security threats and response tactics is also critical to avoid financial losses, it noted.Nigeria has reportedly been identified as the second country, after South Africa, with the most cases of cyber crime, according to the report. Both countries are finding themselves overwhelmed by the sudden outburst of Internet crime, which more often that not takes place in either Lagos, Cape Town, Johannesburg or Abuja.To give credit where credit is due, the Nigerian and South Africa police have prepared themselves by establishing a cyber crime unit under its IT sub-directorate, which has been working.The two governments have also attempted to circumvent this legal void by taking some ad-hoc measures such as establishing cooperation with other countries. They have also signed a memorandum of understanding with other countries that will help the two countries fight transnational crimes such as the trafficking of women and children, the smuggling of firearms, terrorism and cyber crime.

Such MOUs on Transnational Crimes provides a framework for preventing, investigating, disrupting and dismantling transnational crime involving both countries.Overall, African countries identifies cyber crimes as offenses against the confidentiality, integrity and availability of computer data and systems that cover illegal access, illegal interception, data interference, system interference and misuse of devices. Included in this category is hacking.Also, computer-related offenses such as forgery and fraud as well as content-related offenses such as child pornography and offenses related to the infringement of copyright and related rights including intentional aiding and abetting these offenses.What would be an equally important step in the campaign to fight the increase in cyber crime in African countries is to improve the implementation of existing legal instruments, because, regardless of whether it is a low-tech or hi-tech crime, damage and loss has been inflicted on its victims.However, the law and government-sponsored measures are only a partial answer to the problem. IT-based organizations have to remain vigilant against the onslaught of cyber crime that threatens them once they enter the cyber world.In fact, it is important for any institution or individual entering the cyber world to have cyber security plans. This means a commitment to train personnel to handle sensitive data, record transactions and build security technology.

Contador Harrison