What Most African Organizations Have Been Overlooking And Misconceiving About Cybersecurity

Cyber attacks are becoming more complex and challenging. Thanks to the increased rate of technological evolution, cybersecurity has moved past data breaches and privacy. Strong authentication protocols can help prevent attacks, but African businesses need to be aware of the risks.

The advent of more cosmopolitan attacks disruption countries, businesses, industries and supply chains is costing billions upon billions. 

The Problem

The latest: Kaspersky security researchers have reported on thousands of notifications of attacks on major banks located in the sub-Saharan Africa (SSA) region.

The malware used in the attacks indicates that the threat actors are most likely to be an infamous Silence hacking group, previously known for stealing millions of dollars from banks worldwide.

The 2019 KnowBe4 African Cybersecurity Awareness Report shows that 53 percent of African think that trusting emails from people they know is good enough for their online security.

The study surveyed over 800 respondents from eight African countries and found that 64 percent of people in the continent do not know what ransomware is – yet believe that they can spot a cyber threat. 

Furthermore, 28 per cent have fallen for a phishing email, and 50 per cent have had a malware infection. While the survey yields many surprising numbers, the bottom line is that many Africans have little to no idea of cybersecurity’s entailments. 

The situation raises more concern as 525 million people in the region are connected to the internet, representing 40 percent of Africa’s population. The number is expected to grow to a billion people by 2022. As connectivity improves, users are faced with increasing cyberattacks. Africa has been among the fastest-growing regions in terms of cybercrime activities.

Obsolete Techniques 

The first thing Bethwel Opil, Enterprise Sales Manager for the African arm of Kaspersky—a multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia—had to say was that digital disruption and technology disruption becoming commonplace in Africa means decision makers must remain cognizant of how cyber threats are also more prevalent than ever. 

Discussing the subject with WeeTracker, the Kenya-based cyber insider said, “As the world we live in evolves and becomes ultra-connected, we need to change our approach to protecting everything around us.

What we build and adopt today and tomorrow must become secure by design. And this is perhaps where one of the biggest issues around cybersecurity on the continent comes in—companies too easily think of protection as only revolving around anti-virus and firewalls. “ 

Bethwel explains that businesses and individuals do not realise that safeguarding their mission-critical data requires a different approach to what may have worked a few years ago. 

Cybersecurity is as much about education as it is about the technology used. Employees must be trained to never click on suspicious links and always guard their log-in credentials, whether at the office or at home. 

In Africa’s industrial and manufacturing-driven environment, the human factor can still threaten industrial processes despite the best technology available.

For example, employee errors or unintentional actions were behind 52% of incidents affecting operational technology and industrial control system networks in 2018.

Minimizing this aspect of cybersecurity requires the business to consider building what can be referred to as the Human Firewall. This is achieved through the right security awareness and training solutions that go beyond basic training to offer training that is easily digestible, practical, and, importantly, memorable. 

Employees who have access to sensitive information and business-critical systems must receive more advanced training and learn to recognize malicious, personalized fake emails that could cause massive destruction.

Training should focus on making effective learning open to businesses of any size, ensuring a company can balance security competence levels for different groups of employees.

Not Just Human Errors

Contrary to what is widely known, Africa’s threat landscape is not impacted by human error alone. What should be realized is that targeted cyber attacks on industrial control systems is also an increasing challenge in the region. 

This includes cyber attacks on critical and service infrastructure systems, such as power and water utility services, dam control facilities, and water treatment facilities.

In October, a group of internet desperadoes hacked into the City of Johannesburg’s official website. The unidentified culprits inadvertently forced the city to shut down its billing system as a precautionary measure. 

What’s more, they demanded Bitcoin as a ransom to to hands-off on the website. If anything, the event shows that larger bodies such as city authorities and enterprises have become the fastest-growing targets for cyber attacks. 

“Perhaps more concerning is that owners are unaware that their facilities are exposed to cyber risks and hacking. The more complex and connected industrial infrastructures become the more advanced protection these networks demand,” Bethwel supports. 

Businesses across Africa seem unaware that countering modern cyberthreats to critical and civil service infrastructures requires a 360-degree view of not only the threats themselves but also the actors driving them.

There must be awareness of the importance of implementing the right defence solutions and programmes to help maintain immunity to even previously unseen threats.

True cybersecurity is no longer just about providing software protection from all possible cyber threats, be they malware, spam, or advanced persistent threats. It is a constant process that addresses threats holistically with a comprehensive set of solutions and multi-layered protection technologies.

Cybersecurity Misconceptions

Sometimes, the problem is believing what is not real. The first misconception about cyber threats, and probably the most costly, is that your data is not valuable enough for someone to want to access it.

Also, cyber-attacks are not usually related to video games. To protect your business’s online security, you need to discard the wrong information.

Despite understanding its importance, many companies on the continent view cyber security as a commodity with very little difference between the options available to them. This is dangerous as it could result in gaps in the organisational defences. 

According to Bethwel, even if there is a percentage point difference in detection rates, hundreds of thousands of malware can slip through over a year. Given how many new malware are detected daily, the most dangerous threats become the ones that companies are unaware of.

Another misconception is that cyber protection is limited to the business or organization. As internet penetration in Africa meteorically improves, businesses are putting faith in mobile devices and the Internet of Things (IoT) to capture and analyze data effectively. These devices provide additional access points into the corporate back-end that are tempting targets for attackers. 

Bethwel reveals that decision-makers must take the necessary steps to safeguard their on-premise environment as well as the multitude of connected devices that lead back into it.

Even today, it is frightening to think how few people have cyber protection on their smartphones or tablets. The misconception that these devices are safe or do not need security software is dangerously false and must be overcome.

“At a more fundamental level, organisations must not forget about the defences of their routers and modems. This well-known area of vulnerability has been largely overlooked.

These devices are used by both consumers and companies and play an important role in daily operations. Attackers may use these as key entry points to access the network,” he said. 

Cyber Onwards

Though the continent is somewhat short on cybersecurity investments compared to other places, Africa has its fair share of hacks and attacks. WeeTracker reported in October that cyber attacks in Kenya have grown eight times in one year. 

“Advancements in technology bolster the promise of access and convenience across many sectors on the continent and subsequently adds value to the economy. Just look at fintech and its opportunities,” Bethwel underlined.

However, with technology comes an increased risk of cyber threats, and if these risks are not addressed, the potential damage that can be caused by a cyber-related incident can be costly and negatively impact the opportunities available.

Focusing on cyber investments and initiatives and ensuring that cybersecurity is always considered and at the top of any business and government agenda means that the opportunities that technology presents can be leveraged, with risk effectively managed.

This will support effective growth and the ability to reap the benefits of a maturing technology and digital space.

Featured Image: CPO Magazine