Just like the recent cases of flood, insecurity, food scarcity, terrorism, and other devastating events, the issue of cyber security continues to be a source of concern to individuals, corporate organisations, NGOs, and governments worldwide. According to the 2023 Global Risk Report by the World Economic Forum, cybercrime and cyber insecurity rank among the top ten risks the world will face within the next two years and over the next decade. And yes, this affects Africa in more ways than we acknowledge.
With modernisation, remote work, and the increasing affordability of internet connection and other technology devices, over 500 million people i.e 46% of Africa’s population have access to mobile services, and by 2025, it is estimated that 100 million new subscribers will come on board. However, with this wide adoption of ICT comes massive risks and vulnerabilities many internet users (especially in Africa) and around the world are not aware of or prepared for.
It would be unfair to discredit the infrastructure put in place by many organisations to ensure the security of their systems and devices. But from the look of things, installing surveillance systems, limiting password sharing, and navigating the internet cautiously is not enough protection in this day and age.
Over the years, cyber crimes have been recorded in some of the most secure organisations despite all efforts to incorporate the best security practices to protect themselves physically and on the web. In fact, globally, over $280 billion have been spent on cyber security products and services between 2017 and 2021, and this amount is expected to hit $1.75 trillion by 2025. This shows that even with the huge amount organisations already spend to protect their systems, there is still more that can and should be done.
It is important to note that the amount of money lost as a result of a cyber attack is far greater than what is invested in putting together a cyber security team, strategy and defense mechanism. The 2021 African Cyberthreat Assessment Report reveals that Africa loses over $4 billion to cyber criminals yearly and over 90% of businesses in Africa are operating without implementing necessary cyber security measures.
Even with an internal cyber security team, South Africa’s second-largest hospital, Life Healthcare experienced a cyber attack that affected its email servers, admissions systems and other business processing systems in June 2020. The severity of the attack forced the 6,500 bed provider to switch to manual back-up systems and invite external cyber security experts and forensic teams to contain the breach. In the same manner, Uganda’s mobile money provider Pegasus Technologies lost $3.2 million to hackers in October 2020, and Bet9ja, a popular gaming company in Nigeria was hacked by the Russian Blackcat Group in April 2022 and ransom was demanded.
While we are quick to hear of these cases, not much attention is given to cyber security legislation and preventive measures. Based on the 2021 Global Cybersecurity Index, only 29 out of 54 African countries have fully implemented some form of cyber security law and only 19 countries are signatories to multilateral cyber security agreements.
From Identity theft to personal data breaches, extortion, phishing attacks, ransomware, business email compromise, and data leakage, there is a long list of possible cyber crimes even the safest organisations are prone to. It has also been confirmed that Education, Research, Government, Military, and Healthcare, rank as sectors with the highest volume of attacks (with as high as 1,468 attacks per organisation each week). Other industries including financial services, energy and natural resources, manufacturing, and ICT are also not spared.
It is unarguable that cybercriminals are always many steps ahead and their tactics are never predictable. However, being able to prevent, monitor, and take action in case of a cyber attack begins with having a flexible security strategy which a team of cyber security experts can execute. Although 52% of companies in Africa are currently unprepared to handle large-scale cyber attacks, now is the best time to fix things. For starters, the importance of public awareness and education on cyber security cannot be overlooked. When people are not aware of the severity of things, they tend to be less cautious.
As more young people explore tech-related career paths, a 2018 report shows that there are only about 7,000 certified cyber security professionals in Africa. This means that if push comes to shove, about 177,000 organisations are left to rely on only one cyber security expert. With more people filling vacant cyber security roles, companies can get a shot at safety as dedicated and trained individuals become responsible for auditing their assets and mitigating risk.
On an individual level, employees should live by simple safety tips such as opening their emails and personal details on only trusted devices, resisting the urge to connect to open WiFi networks, cautiously sharing passwords, and transacting on only websites with a valid SSL certificate (you can click on the padlock symbol on your browser to find out if your connection is secure). Downloading files from your email or other websites should also be done mindfully and no matter how much you trust the people around you, your mobile or work devices should be secured with a password to prevent easy access to your personal information if the device is lost or stolen.
Stacy Ketiku is a content producer at ID Africa. She manages creative teams to produce multimedia content for top corporate brands around the world.
