By January 13, 2020

What Most African Organizations Have Been Overlooking And Misconceiving About Cybersecurity

By January 13, 2020

Cyber attacks are becoming more complex and challenging. Thanks to the increased rate of technological evolution, cybersecurity has moved past data breaches and privacy.

The advent of more cosmopolitan attacks disruption countries, businesses, industries and supply chains is costing billions upon billions. 

The Problem

The latest: Kaspersky security researchers have reported on thousands of notifications of attacks on major banks located in the sub-Saharan Africa (SSA) region.

The malware used in the attacks indicates that the threat actors are most likely to be an infamous Silence hacking group, previously known to be responsible for the theft of millions of dollars from banks across the world.

The 2019 KnowBe4 African Cybersecurity Awareness Report shows that 53 percent of African think that trusting emails from people they know is good enough for their online security.

The study which surveyed over 800 respondents from eight African countries, found that 64 percent of people in the continent do not know what ransomware is – yet with the belief that they can spot a cyber threat. 

Furthermore, 28 percent have fallen for a phishing email and 50 percent have had a malware infection. While there are a lot of surprising numbers to draw from the survey, the bottom line is that a lot of Africans have little to no idea of the entailments of cybersecurity. 

The situation raises more concern as 525 million people in the region are connected to the internet, representing 40 percent of Africa’s total population. The number is expected to grow to a billion people by 2022. As connectivity improves, users are faced with increasing cyberattacks. In fact, Africa has been among the fastest growing regions in terms of cybercrime activities.

Obsolete Techniques 

Image result for bethwel opil kaspersky
Bethwel Opil

The first thing Bethwel Opil, Enterprise Sales Manager for the African arm of Kaspersky – a multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia – had to say was that digital disruption and technology disruption adopting becoming commonplace in Africa means decision makers must remain cognizant of how cyber threats are also more prevalent than ever. 

Discussing the subject with WeeTracker, the Kenya-based cyber insider said: “As the world we live in evolves and becomes ultra-connected, we need to change our approach to how we protect everything around us.

What we build and adopt today and tomorrow, must become secure-by-design. And this is perhaps where one of the biggest issues around cybersecurity on the continent comes in – companies too easily think of protection as only revolving around anti-virus and firewalls”. 

Bethwel explains that businesses and individuals do not realise that safeguarding their mission-critical data requires a different approach to what may have worked a few years ago. 

Cybersecurity is as much about education as it is about the technology used. Employees must be trained to never click on suspicious links and always guard their log-in credentials, whether at the office or at home. 

In the industrial and manufacturing-driven environment of Africa, the human factor can still put industrial processes at risk despite the best technology available.

For example, employee errors or unintentional actions were behind 52% of incidents affecting operational technology and industrial control system networks in 2018.

Minimizing this aspect of cybersecurity requires the business to look at building what can be referred to as the Human Firewall. This is achieved through the right security awareness and training solutions that go beyond basic training, to offer training that is easily digestible, practical, and importantly, memorable. 

Those employees who have access to sensitive information and business-critical systems must be given more advanced training and learn to recognize malicious personalized fake emails that could cause massive destruction.

Training should focus on making effective learning open to businesses of any size, ensuring a company can balance security competence levels for different groups of employees.

Not Just Human Errors

Related image
Shutterstock

The threat landscape in Africa, contrary to what is widely known, is not impacted by human error alone. What should be realized is that targeted cyber attacks on industrial control systems is also an increasing challenge in the region. 

This includes cyber attacks on critical and service infrastructure systems. For example, everything from power and water utility services to dam control facilities, or even water treatment facilities.

In October, a group of internet desperadoes hacked into the official website of the City of Johannesburg. The unidentified culprits inadvertently forced the city to shut down its billing system as a precautionary measure. 

What’s more, they demanded Bitcoin as a ransom to to hands-off on the website. If anything, the event shows that larger bodies such as city authorities and enterprises have become the fastest-growing targets for cyber attacks. 

“Perhaps more concerning is that owners are not aware that their facilities are exposed to cyber risks and hacking. The more complex and connected industrial infrastructures become, the more advanced protection these networks demand,” Bethwel supports. 

Businesses across Africa seem unaware that countering modern cyberthreats to critical and civil service infrastructures requires a 360-degree not only of the threats themselves but also of the actors driving them.

There must be awareness of the importance of implementing the right defence solutions and programmes to help maintain immunity to even previously unseen threats.

True cybersecurity is no longer just about providing software protection from all possible cyberthreats, be it malware, spam or advanced persistent threats. It is a constant process, addressing threats holistically with a comprehensive set of solutions and multi-layered protection technologies.

Cybersecurity Misconceptions

Image result for cybersecurity
Source: CSO

Sometimes, the problem is believing what is not real. The first misconception about cyber threat, and probably the most costly, is that your data is not so valuable for someone to want to get their hands on.

Also, cyber attacks are not usually from video games. To protect the online security of your business, you need to let go of the wrong information.

Despite understanding its importance, many companies on the continent view cyber security as a commodity with very little difference between the options available to them. This is dangerous as it could result in gaps in the organisational defences. 

According to Bethwel, even a percentage point difference in detection rates can see hundreds of thousands of pieces of malware slipping through over the course of a year. Given how many new pieces of malware are detected daily, the most dangerous threats become the ones that companies are not even aware of yet.

Another misconception is that cyber protection is limited to the business or organization itself. As internet penetration in Africa meteorically improves, businesses are putting faith in mobile devices and the Internet of Things (IoT) to capture and effectively analyze data. These provide additional access points into the corporate back-end that are tempting targets for attackers. 

Bethwel reveals that decision-makers must take the necessary steps to safeguard their on-premise environment as well as the multitude of connected devices that lead back into it.

Even today, it is frightening to think how few people have a form of cyber protection on their smartphone or tablet. The misconception that these devices are safe or do not need security software is a dangerously false one that must be overcome.

“At a more fundamental level, organisations must not forget about the defences of their routers and modems. This well-known area of vulnerability has been largely overlooked.

Used by both consumers and companies, these devices play an important role in daily operations. Attackers may use these as key entry points to access the network,” he said. 

Cyber Onwards

Though the continent is somewhat short on cybersecurity investments compared to other places, Africa has its fair share of hacks and attacks. WeeTracker reported October that cyber attacks in Kenya grow eight times in one year. 

“Advancements in technology bolster the promise of access and convenience across many sectors on the continent and subsequently adds value to the economy. Just look at fintech and the opportunities it is offering,” Bethwel underlined.

However, with technology comes increased risk of cyber threats and if these risks are not addressed, the potential damage that can be caused by a cyber related incident can be costly and negatively impact the opportunities available.

Placing a focus on cyber investments and initiatives and ensuring that cybersecurity is always considered and is at the top of any business and government agenda means that the opportunities that technology presents can be leveraged, with risk effectively managed.

This will support effective growth and the ability to reap the benefits of a maturing technology and digital space.

Featured Image: CPO Magazine