Biggest cybersecurity threats in Africa

August 23, 2017

The threats to data loss and infrastructure attacks has seen African business cybersecurity threats materialize to levels not seen before in the first half of 2017 according to the latest data in your blogger’s possession. Data shows that first half of 2017 has seen intensified cyber attacks, new regulations and a shift in how businesses approach cyber risk management across Sub Saharan Africa. Among the threats reported include nation state cyber espionage, a rise in data integrity attacks and an increase in attacks harnessing Internet of Things devices. With cybersecurity firmly entrenched as one of the most consequential issues impacting security in Africa, politics, economic stability and transactional crime, an understanding of existing and emerging cyber risks is more relevant than ever before. After analyzing the data, it is clear that cybersecurity threats facing businesses are immense and report authors provide recommendations on how organizations in Africa can increase their resilience in the face of these threats.The influx of cloud-based applications, coupled by the strong movement to embrace digitization and Bring Your Own Devices trends, present a fertile ground for cybersecurity attacks that are happening across multiple layers in Africa.That’s a trend report authors note that it will probably be seen a lot more going forward because the reality is it’s very cheap for criminals to do so. A lot of such campaigns are not sophisticated when it comes to cybersecurity. However report notes that certainly, nation states will continue to engage in such types of operations going forward.It is no surprise that cyber threats have expanded ground to include new platforms and avenues ripe for exploitation, and in more diverse attack tactics such as social engineering and ransomware.There is an increase in IoT devices compromised, harnessed as botnets, and used as launching points for malware propagation, SPAM, DDoS attacks and anonymizing malicious activities in Kenya, South Africa, Namibia, Ghana and Nigeria. Africa’s mining and utilities sectors have become hugely dependent on supply chain automation to improve profitability and increase efficiencies which includes use of technologies. Bad actors are said to have launched several attacks in such mining companies in Namibia, Zambia and Tanzania. Cyber espionage will continue to influence African politics and will remain African regions great concern as countries continue to develop deep pools of cybercrime talent.Most African countries are highly aware of such threat and have taken actions to mitigate them.Some of them includes increased funding for various initiatives geared towards fighting cyber crime.

First half of 2017 has seen an increased cooperation between the public and private sectors to address those threats.Data sabotage is also emerging as a great threat that will become a reality all over Africa. Criminals are seeking to sow confusion and doubt over the accuracy and reliability of information, impairing decision making across the private and public sector.As organizations continue to leverage evolving technologies, including the cloud and in parallel shore up perimeter defenses to raise the bar of network security, criminals are increasing their focus on the human element as an entry point. The first half of 2017 has seen advanced social engineering tactics that are more targeted and more effective, exploiting the weakest link employees that organizations always find challenging to safeguard.The advent of cybercriminals in Africa has grown to become more malicious and their attacks more frequent, complex, and expensive to rectify. According to the research, organizations in Africa have lost an estimated US$6 billion in revenue due to cyberattacks since the beginning of 2017.Despite significant losses in revenue by cyberattacks, the researchers found that nearly 35 per cent of organizations are not planning to invest in cybersecurity at all.The new breed of African cybercriminals are unforgiving and more malignant in nature, seeking beyond financial gains and aiming to destroy the reputation built over decades whether by business or organizations which may ultimately cost owners their business. It is no longer the question of whether cybersecurity should be part of a holistic growth strategy, it is now a matter of how to invest. More importantly, African organizations need to prioritize what they need to protect. For example, in an app-centric environment, businesses should identify all apps in their network, whether deployed by IT or shadow apps installed by shadowy figures, and secure those deemed to be most vulnerable.In my view, it is also critical for African organizations to ensure security assessment is part of their application development framework, and not an afterthought as is the case in the region. Having a secured application will protect data but also enhance customers experience and their confidence in the organization’s brand.It is also important to keep in mind that cybersecurity is everyone’s responsibility, not just the geeks in the organizations. Ultimately, cybersecurity should need to be integrated in every aspect of the organization to ensure that they retain customers’ trust and protect the bottom line.

Contador Harrison