Cybercrime is defined as crimes directed at computers or other information communications technologies where the crimes are an integral part of an offence.In today’s Africa, the reality is that all individuals and organisations connected to the internet are vulnerable to cyber attack. The number, type and sophistication of attacks continues to grow. It isn’t only large organisations that are under threat. Even individuals or organisations that don’t believe they have much to offer hackers can be targeted. The dangers that cybercrime presents are obvious and they include among others the risk of sensitive, confidential information, privileged communications being leaked and the risk of unauthorised, external access to the personal and financial data.Cyberattacks on African businesses are now a question of when, not if. In Africa of increased connectivity and heavy reliance on digital technologies, extra measures need to be taken to protect firm and client data and minimise the risk of a breach.Malicious individuals and groups are thriving on gathering information that can be used to enhance their attack strategies. Hackers are becoming more focused on their attacks by tailoring to individual people, and any bit of information that can be of help.The information gathered is used to build a profile of the target with the aim to have enough data that allows the hacker to appear trustworthy to the victims. That was common in South Africa and Nigeria in 2016 where in most reported cases, the hackers attempted to impersonate credible entities that are trusted by their victims. The more information the hacker had on them, the more likely they were able to maintain the illusion long enough to achieve their aims. The effects of a successful attack vary significantly, largely depending on the motivation of the hacker.In a volatile online environment, knowledge and information is power. Several companies across the continent have taken the initiative to address the problem albeit in small scale. Aimed at companies, businesses that work online and those that are required to navigate complex and varying laws and cybercrime regulations in Africa, some companies are providing tools with instant online access to credible information about laws and policy developments in Africa.One South Africa company offers tools that provide current links to laws and regulations and can be used as a comprehensive guide to analysing security issues and standards in a wide range of areas, or as a starting point to find the right information and then seek further legal advice if necessary.
When i analysed those tools, it was clear that access to that information is designed to help people in key company positions make better risk-management decisions and reduce the costs associated with keeping abreast of changing regulatory requirements.With new tools on the rise, it appears the market is responding to clear concerns about security.According to data that I had seen couple of weeks back, more than 90 per cent of cyberattacks in Africa can be avoided with the most basic level of security. The research showed that 77 per cent of cyberattacks occur because of insiders colluding with criminals. Situations like employees losing unencrypted laptops. These types of risks can be avoided with the use of careful security layers so that people within firms have different levels of access to information on the server, and by computer users changing passwords more often. For example checking the security set-up and access of service providers and considering how the organisation is exposed to risk and put together a clear cybersecurity strategy, addressing technology issues, personnel training and other risk-management steps can significantly reduce the chances of cyber attacks. Also, avoiding seeing cybersecurity as an IT issue alone and take a more holistic approach in order to combat cyberattacks is crucial.Bottom line, the attitude of individuals and organisations in Africa needs to change in order to prevent cyber attacks. There has to be a fundamental understanding that, when online, everyone is a target and that none of Africa population are too small or unimportant.It is also critical to change the attitude to incident detection and handling. Africa can only get better at the defence part if people learn from previous experience, painful and costly as that may be. The reason people know about some of the attacks like Wannacry ransomware is because they were detected and investigated.Most African organisations do not consider incident handling as a core component of cyber defence. And as long as that continues, the improvement in the cyber defences will be slow.There has to be a concerted effort to treat cyber security seriously rather than an expensive auditing exercise. The vast majority of African organisations are looking at cyber security as a compliance task and thus do the minimum possible to achieve that.What is unfortunate is that Africa organisations try to do is the absolute minimum possible to pass the standard check rather than actually improving their security.In my view, it better for them to use the cyber security requirements as a way to improve overall security which will help avoid costly and damaging incidents in the future.