Cyber security challenges in Africa

Posted on June 23, 2016 12:01 am

Cyber Crime is an evolving and growing threat that African countries urgently requires legislation that defines offences and establishes structures for reporting and investigating cybercrime. It is essential that computer users in Africa be educated about the risks that cyberattacks pose including but not limited to developing training and awareness about how to prevent and detect such attacks.Such initiatives could range from placing relevant information on financial institutions’ websites to generating media awareness through mainstream media.More formal training sessions and education could also play a role.Research in my possession suggests that Africans are being increasingly targeted by cybercriminals and there’s an increase in phishing attacks targeting video-on-demand users, who are tricked into handing over their passwords under the guise that their accounts need to be updated.The research also shows that unsolicited bulk email or spam, a popular method used to launch email phishing attacks. Banking malware, a software that’s downloaded onto a computer without the user’s knowledge to perform a malicious act such as stealing passwords and account numbers has grown threefold since 2014.Phishing remains an extremely popular method of identity theft in Africa.Cybercriminals try to trick computer users into divulging personal financial information. This is then used to steal money or commit fraud and victims can lose enormous amounts of money. The practice of phishing is becoming more common as more and more services become available online.

Africans are banking, shopping and watching movies online, creating a number of new opportunities for cybercrime. Cyberattacks are also becoming increasingly sophisticated and less easy to spot.Most legislations that are in place across the continent, when it comes to protecting citizens’ personal information, it appears to be rather a mixed bag.They are very short on specifics and do not handle several potentially useful initiatives that may help protect Africans against cybercrime.Notably absent is any responsibility on the private sector to improve its cybersecurity efforts.Most of them commit government to increase the number and training of cybersecurity specialists in police departments. In my view, increasing the number, and skills, of graduates with cybersecurity expertise and partnering with organisations to deliver a sustained, awareness raising campaign, encompassing a range of activities, will enables all African to be secure online.The effectiveness of both of such policies depends on how they are actually implemented.The biggest cybersecurity threat to individuals in Africa remains the unauthorised use of their personal information to commit a variety of financial crimes. It is here that existing cyber security strategies seems to lack focus in my opinion.Prevention is usually better than cure, and in the case of cybercrime committed across national boundaries, law enforcement is often ineffective. It will likely remain so, despite the worthy rhetoric in the strategy about international cooperation.Therefore, the primary defence we have is making sure the organisations that hold personal data are taking sufficient measures to prevent cybercriminals from gaining access. Many of these organisations are in the private sector.But it is sad that African countries are relying on hints and a bit of assistance to get the private sector to improve their efforts in this area. This is perhaps unsurprising, given the antipathy to red tape and graft in African governments.

One might have thought Africa’s largest businesses would already have the financial means to hire external consultants to assess their security strategies but was gobsmacked to learn such businesses are only offered voluntary checks.I think regular checks will enable businesses management to better understand their cyber security status and how they compare to similar organisations. As for small business in Africa, the strategy acknowledges they might not allocate enough resources to cybersecurity and they could become a soft underbelly or back door into connected organisations.To deal with that, African countries should put in place plans to offer tests of what cybersecurity measures small businesses have in place by certified practitioners.There’s no shortage of information security guidelines available to organisations already. In far too many cases, what is lacking is the will to implement them.Sadly, in practice, the consequences for security breaches seem extraordinarily limited. Cybersecurity breaches in private sector companies sometimes do have negative consequences for those companies. But they also inflict significant and often larger consequences on the people whose personal data is stolen.As someone with deep experience in Cyber Security, I believe that it’s the role of African governments to step in with better regulation when an action creates significant negative impacts on citizens.However, some African countries seems to have a view that the costs to business of forcing them to take cybersecurity seriously outweigh the benefits which is awfully wrong.

Contador Harrison