Cybersecurity: the big picture in Africa
As cybercrime continues to grow across Africa, Connecting Africa investigates the threat landscape, the factors driving cybersecurity risks and the potential consequences to enterprises, consumers and nation states.
Across both the public and private sectors on the African continent, ongoing technology adoption, sophistication, the digitization of services and transformation of operational processes have meant that the horizon of cybersecurity risks has not just broadened but increased in complexity.
Beyond the risks to organizations and consumers, there are emerging and growing concerns about some cybersecurity incidents that could potentially destabilize countries and occasion economic hardships.
The enterprise and consumer threat landscape in Africa
With the current levels of technological sophistication, some of the more common enterprise threats on the continent, as well as the actors and their motivations, include:
Malware attacks - by criminals for financial gain and hacktivists who aim to disrupt operations.
Distributed denial-of-service (DDoS) attacks - by hacktivists who aim to disrupt operations and make political standpoints, by criminals who want to disrupt services and by discontented employees within organizations.
Phishing - by criminal syndicates with the ambition of stealing personal information that allows for identity theft and ultimately financial gain.
Ransomware - by criminal syndicates whose end-game is financial extortion.
Personal data theft - from governments and businesses by cybercriminals who seek to sell information to third parties.
Factors driving cybersecurity risks
For the most part, increased technology adoption and digital transformation – including the rise of cloud computing and the uptake of mobile technology – have also brought many cybersecurity risks that need attention.
Mobile adoption has presented both businesses and governments with an additional channel to serve or engage with consumers and citizens and a medium through which payments can be made.
Cloud computing services, which greatly reduce capital and operational expenditure while allowing for agility and quick deployment of services, have been largely driven by improved and more pervasive connectivity options.
Within these technologies there are many threat facets:
Email - end users are targeted via malware and phishing attacks.
End points - including smartphones, laptops and computers, where attackers typically target end users and use their devices to gain unauthorized access to enterprise information and systems, steal data and spread malware (especially ransomware).
Servers and networking infrastructure - unauthorized access to infrastructure and information owing to weak security measures. This leads to service disruptions and sometimes financial losses. This is probably the most problematic for organizations as it allows the first two to happen.
Cloud services - where poor configuration or insecure connectivity can lead to breaches.
Software - where vulnerabilities can be exploited to allow access to infrastructure and systems.
Aside from external threats, within organizations a constant Achilles' heel is people.
One of the biggest and most constant concerns has to do with end-users whose lack of awareness and inadvertent actions sometimes cause serious data breaches for the organization or for themselves.
Other drivers which cut across both public and private sectors include budget constraints (that don’t allow investment in requisite security measures); the absence of internal security policies (which would also encapsulate awareness efforts); standards for vetting equipment, software and processes; and systems architecture problems.
Outside of organizations and away from technology, from a regulatory point of view, weak enforcement, and the lack of standards and incident response protocols are also major contributors to cybersecurity threats.
For some sectors that are most vulnerable, like financial services, the responsibility for this spreads out to industry associations and different regulators.
However, for sectors that are less regulated and more fragmented or less homogenous in nature (e.g. retail) there are still gaps which need to be filled.
The impact of cybercrime
The impact of cyberattacks manifests in different ways, including:
Economic impact - loss of revenue, recovery and mitigation costs, etc.
Loss of trust - erosion of consumer or citizen confidence especially in sectors like finance, healthcare and government.
Loss of data - and the increased risk of identity theft, financial fraud, etc.
General operational disruption - which itself can be measured financially.
Looking beyond the threats that affect businesses, governments or consumers, there are also actors with peculiar motivations pertaining to human rights, geopolitics, national politics and economic issues.
This is a domain where greater scrutiny may be required as the risks are not always clear and mitigation measures vary vastly.
Offshoring cybercrime
Several African countries have, over the years, touted themselves as great ICT offshoring destinations, based on the strength of improved infrastructure (connectivity and power), a growing skills base, low labor costs and great weather.
Some of these attributes have also appealed to criminal syndicates who have been setting up operations in several African countries.
African countries may not yet account for a big proportion of cybersecurity incidents or losses incurred – based on the relative size of different countries' economies – but they are increasingly playing a role in enabling cybercrime within and outside the continent.
Several countries are becoming hosts from which cybercrime attacks emanate, as vigilance has mostly been focused on more problematic countries in Asia and Eastern Europe.
Thus, criminal cells have set up their networks in countries from which attacks traditionally did not emanate.
West Africa stands out as one of the growing hubs for cybercrime.
Around mid-2024, the International Criminal Police Organization (Interpol) moved in on one of the more prominent criminal networks, Black Axe, whose operations span five continents and whose activities include online fraud, money laundering and cryptocurrency theft.
Other factors that are allowing this offshoring of cybercrime include:
Weak regulations - for example, not enforcing SIM registration thereby allowing SIM boxing to be used for financial fraud, phishing and scams.
Absence of mechanisms and institutions that can effectively undertake traffic monitoring.
Hacktivism
In countries where there are human rights violations, issues around poor governance or corruption, "benevolent" hacktivists have taken it upon themselves to show allyship with citizens by disabling government websites and services in a bid to lend their weight to existing concerns.
Going by the current trends noted by several African countries – in which the democratic space is shrinking or where citizens are more burdened by the excesses of the ruling class or grappling with the negative economic effects of corruption – it can be expected that this is one area of cybersecurity that will remain on the horizon for a long time to come.
Cyber warfare and espionage
Cyber warfare and espionage might be more pronounced outside of Africa but are likely to become even more common, especially in regions where hostilities exist between countries.
In essence, nations have been known to direct hackers to either attack the systems of another country or start misinformation campaigns with varying end-games including social engineering, economic sabotage and political destabilization.
While this has not been known to happen yet in Africa, it may be just a matter of time before it does.
Political problems
An interesting aspect of cybersecurity relates to regulations and measures instituted by governments, which ostensibly seem to address the core issues, but which are perceived as levers to manage dissent, allow for citizen surveillance and serve other ends that may not always be in citizens' best interests.
When systems are put in place to curtail avenues of corruption and fraud, it is never in the interests of those responsible to ensure they are effective, which can result in the creation of deliberate loopholes for misuse.
This also opens a door for cybercriminals, some of whom may work in collusion with civil servants or politicians.
As it is, government systems are predominantly vulnerable to attack for various reasons, including the use of legacy systems, lack of expertise and reliance on external providers.
Most entities are particularly attractive, not just to cybercriminals but also to those with certain political motivations, because of the sheer volume of personal information they possess through the hundreds of services delivered online.
The path ahead
As governments, businesses and consumers continue to grapple with cybersecurity – and bearing in mind that some risks have been born of increased technological adoption – there are more technologies coming down the line which make it even more imperative to put the right measures in place.
The use of artificial intelligence (AI) has grown in leaps and bounds over the past few years.
However, it has dragged along with it unsavory uses including the creation of deepfakes, data harvesting and algorithms which are all playing an additional role in cybercrime for financial fraud, phishing and social engineering.
Adoption of the Internet of Things (IoT) by different businesses and for varying use cases is slowly adding to the end points which can be exploited to enter networks.
These are sometimes part of a complex cloud architecture which, when poorly configured, may offer up additional vulnerable points.