From all indications, innovative technology is giving Africa’s post-pandemic future a much more colorful definition. Growth for the continent’s internet space is unarguably at an all-time high, many thanks to the increased adoption of digitized services by a mostly youthful and tech-forward populace.
However, the grim side to the obvious proliferation is: the change in Africa’s technovation climate—and the value therein—is attracting not only deep-pocketed global investors and enthusiastic technocrats, but also catching the eye of everyone from resilient script kiddies to multiple-time black hats. At the tunnel’s end, there is an enlarged avenue for cybercrime to take hold and play mischief.
Predictably, Africa is witnessing an upsurge in cyberattacks. But, surprisingly, the continent has become the number one hunting grounds for digital-first threats. The deluge of electronic repression in several African countries, in combination with erratic internet—and social media shutdowns—is proving immensely costly on many levels.
According to a 2021 report by Check Point, an American-Israeli multinational provider of software and combined hardware and software products for IT security, Africa experienced the world’s most-grown amount of cyberattacks in 2021, with the continent’s businesses in the middle of a “cyber pandemic” taking the global web space by unfettered storm. Per the numbers, the last frontier market is now first in line for innumerable digital menaces.
In this exclusive interview with WeeTracker, Panjak Bhula, Regional Director for Africa at Check Point Software Technologies, explicates and contextualizes why Africa has become the lodestone for cyberattacks.
According to Panjak, there is a substantial correlation between this seemingly unprecedented development and the current state of cybersecurity awareness in the region.
Apparently, it is high time African cybersecurity reaches an inflection point. But, why is the continent now ground zero for cyberattacks globally?
Pankaj: In every single country on the continent, there is a reasonable uptake of digital services. Whether or not the consumers use these platforms is another discussion entirely.
The adoption of internet-based applications leaves a question mark. But, almost everywhere you go, companies in the private and public sector, from mobile network operators (MNOs) to financial institutions, are digitizing in one way or the other; and that is important.
Because of this maturity, the level of cyberattacks in Africa will continue to increase, more and more. The level of threats that are taking place in the continent is significantly larger, and the reason for that is: most companies do not adopt the best cybersecurity practices.
Likewise, most individuals are not overly cautious with their use of internet-enabled services. The level of education, training, or awareness of cybersecurity is also a big challenge.
The level of sophistication around digitization, connectivity, and bandwidth changes from country to country, and maturity to maturity. South Africa, Kenya, and Ghana have some of the largest digital consumers in the continent.
But, in Ethiopia, there is less connectivity, so the usage there is not so high. In Nigeria, likewise, a couple of network-related issues prevail. Once that is improved, the adoption levels will increase, while the number of cyberattacks will inevitably become more.
The growth of cyberattacks is directly linked with the coronavirus situation experienced in the last two years; the need to go online to buy personal items, take classes, and work (from home, that is).
Obviously, the cybercriminals are not naive, as the first places they would want to hit are the more developed markets like those in the West. But as those companies become more sophisticated and cyberattack-proof, they use the same skills and technology for less-developed markets.
From that perspective, Africa is their next target. Unfortunately, as I said, here, people are not conversant with the best online security practices. The gates are somewhat left half-open.
Does that mean Africa-focused cyberattacks are not happening in a different way?
Pankaj: It is not necessarily a unique case. In South Africa, case in point, there are big challenges around physical crimes like money hijacking, as individuals often fall prey to these attacks and even lose their lives.
In the case of a cybercriminal, that is effectively the same: all they want is money. To get it, they have to sabotage, deprive people of their work, and illegally retrieve data for other dubious purposes.
It will always be about the money. Knowing that, where will cybercriminals go first? The banks. These financial institutions are sensitive about their data, and they will always try their best to protect user information, which makes the market a common target for hackers and the like. After banks, they would probably try with the telecommunications operators.
The public sector, interestingly, is always the last on their list, often because there is not much of a goldmine in the space. Most governments in emerging or less-matured markets do not take public sector cyberattacks seriously. Again, we have to address the practices and the knowledge cap in Africa.
How can businesses entering the online space for the first time effectively brace themselves against cyberattacks?
Pankaj: Worldwide, the M-PESA initiative from Kenya’s leading telco, Safaricom, is held as one of the best approaches to mobile money technology.
From the looks of it, mobile money single-handedly contributes about 80 to 90 percent of the East African country’s Gross Domestic Product (GDP). The same technology is used in many parts of the world.
Most of the small businesses in Africa are operating on mobile. We need to find a way to educate the market that there are low-cost technologies or applications that they can purchase and implement to protect their devices.
Everyone is virtually already on the internet for all kinds of things, so it is important to invest in the tech that helps protect digital transactions, build a culture around it and ensure that the skills/education system can empower more people to adopt this.
Africa is in the middle of “a cyber pandemic”, as it is. But, it appears not much cognizance has been taken of this. What is your take on this?
Pankaj: What we have experienced (the coronavirus pandemic) in the last two years is traveling at a pace that is seemingly uncontrollable, impacting the social and healthcare systems.
As a result, governments had to come together to decide on how to create rules and processes to curb the contagion. Unfortunately, no African government really admits to the COVID-19 reality, and as such, there are not really any penalties for defaulters.
Plus, if one of the largest banks in the continent is breached tomorrow, the government will not take any serious action to penalize such financial institutions for breached data or failing to implement cybersecurity solutions. But, in somewhere like Europe, if a bank’s data is breached, the well-in-place penance is 5 percent of annual turnover.
Until African governments implement, practice and police such penalties, it will not be relevant whether or not we are in a pandemic; businesses will always be exposed to various cyber threats. For them to come together and agree on measures that cannot be abused, appears a challenge.
But I think things will change in terms of technological infrastructure. Services like water and electricity are going digital, which means, the chances are, they are potentially at threat.
In the same way, almost every market in Africa has airlines with digitized setups. If things get to a point where hackers are penetrating these systems and creating havoc, I think the governments will wake up.
I remember a day I was in Lagos Mainland, Nigeria when a Ghanaian who just arrived from Sierra Leone discovered his digital footprints/identity had been compromised.
I have been working in Nigeria for more than 14 years, but have never been so impressed with how the government, police, and military mobilized fast to get rid of anyone who was in contact with the person. Within a week, they effectively tied the loose ends.
They realized the threat was spreading very fast and could infiltrate into the government system. The message was: clean it up. I feel until cyberattacks hit the top level, the urgency will suffice.
Everyone will be affected at the end of the day, so this definitely needs more awareness.
