Although the enabling potential of the internet for Africa is a popular story told alongside impressive statistics on internet access growth, cyber security needs more attention to keep pace with the rate of digital penetration.
High profile cases of cyber crime such as the recent hack on Sony Pictures are increasing public awareness of the risks associated with digitisation and the internet.
In Africa, internet usage grew seven times faster than the global average between 2000 and 2012, clocking more than 3,600 percent growth to a total 167 million users. Yet the flipside of the rapid expansion of internet infrastructure is poor cyber security safeguards.
On 17 January 2012 an Indonesian student and amateur hacker known online as Direxer hacked and defaced 103 Kenyan government websites. His tools? Tutorials on the Indonesian language forum Code Security. He attacked everything from the ministries of finance and education to police and prisons, leaving a song to play in the background when each site opened. Reportedly no information was stolen – but likely only because on this occasion theft was not the objective.
In a 2012 report, the International Telecommunication Union (ITU) advises developing countries to “integrate protection measures into the roll-out of the internet from the beginning” because integrating these measures later on would be more cost-intensive.
“Although this might initially raise the cost of internet services, the long-term gains in avoiding the costs and damage inflicted by cybercrime are large and far outweigh any initial outlays on technical protection measures and network safeguards,” the report’s authors argue.
As a late adopter of internet infrastructure, African countries can capitalise on hindsight without having yet invested too many resources in developing it. Secure internet connections can be a competitive advantage in a future dominated by the online world, just as insecure internet can be a disadvantage.
Cyber criminals often look for a ‘mass market’ to hack, requiring many online targets and a preference for more affluent ones such as banks or large corporations. While some markets in Africa do not yet meet these criteria, this is no defence for the likes of South Africa, the third most attacked country after Russia and China.
At CyberCon 2014, David Isiavwe, chairperson of the Information Security Society of Nigeria, explained the ease of hacks in Africa makes the return on investment worthwhile.
“Most attacks launched towards Africa are actually coming from the US, because we are struggling here to keep things secure. The attackers target the markets that have the lowest work factor involved, and Africa is easier to breach,” he explains.
‘Computing hygiene’ is a set of practices that can help reduce the risk of digital attacks, according to David Finn, executive director, Microsoft Cybercrime Centre. These include using the official, most recent versions of software, anti-virus programmes and avoiding questionable sites. “We know unlicensed versions of software have a higher risk of being infected,” says Mr Finn.
However adoption of these measures remain low in many African countries. According to a Business Software Alliance report, on average 59 percent of software in Africa is unlicensed. Higher rates are found in Egypt (62 percent), Tunisia (75 percent), Kenya (78 percent), and Nigeria (81 percent).
One quarter of African computer users are still using Windows XP, first released in 2001. It is Africa’s second most popular operating system after the more recent Windows 7 at 52.85 percent, released in 2011.
“That is more than 10 year old technology at this point. That puts African computer users more at risk,” says Mr Finn. “The older versions of software do not benefit from the technological innovations and the security advances that the technology companies are able to leverage.”
The onus does not lie solely with consumers, however. Very little can be accomplished on a system-wide basis without the collaboration of a wide variety of organisations at the national, regional and global levels. CEOs, mindful of their share prices and quarterly targets, have reason to not want to disclose they have been attacked. However, this hinders coordinated counter-measures.
More fundamentally, cybercrime is not actually considered a crime in every country. Where the legal framework is in place, the definition of cybercrime often differs from one country to another.
“Africa as a whole is a good breeding ground for cyber criminals,” says Jason Gottschalk, associate director of KPMG South Africa. “Lack of legislation, lack of counter-attack capabilities, lack of the forensic skills, the ability to understand how these attacks are taking hold, makes it a good place for criminals to operate.”
Attempts have been made to address this, but efforts to draft an African Union convention on legal frameworks for cyber security has stalled since 2012.
The ITU’s Secretary-General, Dr Hamadoun Toure, recognises the challenges yet remains optimistic. He has found that the ITU’s Global Cybersecurity Index is useful for motivating government partners to take action. The index ranks countries across their legal and regulatory frameworks, technical readiness, national coordination, capacity building and international cooperation on cyber security. According to the ranking, Mauritius, Cameroon and Rwanda lead the continent in this regard.
“The countries in Africa that have succeeded, like Mauritius, have put in the right regulatory framework. Since 2001 they have been working on those things,” says Dr Toure.
The economic and social opportunity to optimise cyber security for Africa’s future has not passed yet, but it will take rapid action and concerted effort. However, this message is easily lost among the many urgent issues that compete for attention and resources.
“The first point is you have to realise that there is a problem…and I’m not quite sure the African continent is there yet,” says Mr Gottschalk.
As African countries try to navigate challenging social, economic and political transformations, cyber security does not yet appear to be a priority. However, as connectivity spreads, so will awareness of the security issues that accompany the many opportunities access affords – hopefully spurring the necessary attention and reforms needed to keep Africa’s internet users safe.
Remember, no problem has a quick fix solution, particularly issues of cyber security in any form. Thus, always ensure to consult highly knowledgeable group of professionals whom would provide you with a collective advice, never individual advice. This group advice and approach is unique with CWIIL Group and is based on the overall Management Philosophy of all CWIIL Group Companies.
Consulting CWIIL Group of Companies, for any / all matters relating to cyber security ranging from individual to national levels, ensures advice based on highest level of knowledge which are given to you by a team of select research-oriented experts whom each will do their own assessment of your matter, and also assess it together, thus ensuring that in case a mistake has been made by one, it will be noticed and corrected even before it is being passed on to you. Receiving incorrect and un-knowledgeable security advice can be disastrous and thus should be avoided.
CWIIL Group of Companies is a global group of multi-specialized units with diversified interests and activities, wherein each company is a separate legal entity registered under prevailing laws in different parts of the world. CWIIL Group of Companies Products, Services, Project and Solutions are in a multitude of Verticals including, but not limited to, Infrastructure, Power, Oil & Gas, Legal, Media, Technology, ITES, HR, Shipping, Aviation, Real Estate, Hospitals, Health and Medicine, Education, Funding & Investment, Business and Legal Consultancy, and Public Private Partnerships, and other CWIIL Group Units, worldwide, to name a few.
For Further Queries or to Request a Personal Quote Feel Free to Contact :
Mr. Francis Thomas Matthews,
Deputy Global Director, No. 8
Marketing Research & Development Division,
Email : email@example.com
Voice : +45.8176.1924
Connect : LinkedIn I Twitter I Facebook I Tumblr
For Any / All Other Queries :
CWIIL Group Global Regional Headquarters Denmark,
Address : No. 1, Klokkebjergevej, DK6900 Skjern, Denmark
Voice : +45.5148.3608
Fax : +45.7014.1498
Email : firstname.lastname@example.org
Web : www.cwiilgroup.eu
Connect : LinkedIn – Twitter – Facebook – Quora
Office Hours :
Monday to Friday : 10.00 – 17.00 CET.
Saturday : 10.00 – 14.00 CET.
Sunday : Closed.
The Corporate Communications Team would require minimum a fortnight for Reviewing & Responding to Queries, which please note.