African countries need robust cyber defence strategies

Posted on January 9, 2017 12:22 am

The challenges of the digital age which include advancing and protecting interests online demands robust cyber defence strategies. A secure cyberspace offers confidence and trust for individuals, private and public sector to share ideas, information and innovate. The security threats Africa face online are real and they are growing in severity and frequency. There’s need for African countries to develop strategy that addresses how African countries can continue to protect themselves and be more resilient to malicious cyber activity as individuals, government, businesses and as a continent. The recent cases reported regarding the alleged stealing of information from African corporate and government systems highlights the potential threat of cyber espionage.No doubt Africa is the victim of an ongoing cyber espionage campaign and the specific target is African corporate and government computer systems and the data contained within these systems.Therefore, strategies are needed to reinforce the importance of the need to protect Africans against varied security threats including cyber threats such as cyber espionage and proposed the creation of cyber security centres across the continent. The strategy should highlight that African governments, businesses and individuals face a range of cyber-related threats such as state-based and commercial espionage.If African countries fully realise the social, economic and strategic benefits of being online, they must ensure the Internet continues to be governed by those who use it not dominated by governments but countries shouldn’t allow cyberspace to become a lawless domain where online criminals rules. In my view, cyber security strategies can provide unique opportunities for innovation and the sector will allow millions of African businesses to grow and prosper.In recent months more cyber espionage attacks have been reported around the continent with the attacks being aimed predominantly at corporate and government organisations.The focus of the attacks was information stored on those organisations’ computer systems mainly through ‘spear phishing’ attacks.This poses the question as to why governments or criminals are interested in stealing information.

The answer is simple. Criminals do not have to send agents to locations in order to steal information, they are able to infect computers and harvest all the information from the infected computers remotely with the assumption that there may be very sensitive information contained within the harvested data.The users of the infected computers may not know that it is infected, so the data-gathering period can carry on for an extended period of time. In most cases, once the infection is identified, it is very difficult to trace the true source of the attack or where the information is ultimately being sent. The source of the attack can in most cases be traced to an IP address in another country but that does not necessarily mean that the attack is linked to that country in any way as the identified host itself could be an infected computer being controlled by individuals from an entirely different location.In my understanding, a successful spear phishing attack needs resourcing, planning, coordination and consideration as to who will be the target of the attack, that is, which organisation and which specific individuals within that organisation will be targeted. In Africa, there are clear cases of true sophistication in the planning and implementation of the latest generation of spear phishing attacks.African countries need a national holistic approach to this problem of cyber protection, which must cover a wide range of issues covering the protection of corporate and government systems, protection for small businesses, research funding for African universities to help support the cyber protection of Africa and the development of cyber safety campaigns for all Africans. African countries have recently held cyber security awareness events and there’s hardly any coverage in the mainstream media. All Africans should have easy access to information about cyber protection and more importantly what to do if they have concerns.There has been numerous government initiatives in recent years in countries like Nigeria, Ghana, Egypt, Morocco, Tanzania, South Africa and Kenya to developed cyber initiative to raise awareness about cyber safety among young people and the African internet security initiatives to assist and provide advice to internet service providers and their customers. In conclusion, African countries should put in place policies and strategies for protecting Africa against the growing cyber risk and also articulate how they will safeguard Africa in the ever evolving cyber sphere.

Contador Harrison