Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa
0Laura Tich | Cyber security consultant, Shehacks_KE
Evelyn Kilel | Security Researcher, Shehacks_KE
Date: Thursday, August 6 | 11:00am-11:40am
Format: 40-Minute Briefings
Track: Community
The increase in cyber attacks in sub-Saharan Africa has become an issue of major concern for the region and its people. With the increase in use of digital technology, cyber security is becoming a critical aspect of the day-to-day lives of individuals and organisations. A 2019 report by The World Economic Forum placed cybercrime as one of the three greatest threats in Africa.
Sub-Saharan Africa is well connected to the global economy with regard to commerce and finance. This means that the cyber threats affecting the regions with both local and international origins should be put into consideration with the onset of every new technology. Globally, Africa has been geographically segmented with the Middle East in the cyber security market. However, there is a big divide in the adaptation of technology and cyber security between sub-Saharan Africa and North Africa/The Middle East.
A report based on IDC's Sub-Saharan Africa CIO survey of 2019 estimates the total sub-Saharan ICT market to grow from $95.4bn in 2020 to $104.2bn by 2023. According to the same report, technologies such as cloud, social media and big data are some of the key areas of growth in 2020.
As the use of technology has become widespread across the region, Sub-Saharan Africa experiences a great many cyber attacks annually, both attacks that are seen in other parts of the world but also attacks that are specific to the region.
A study conducted by the International Data Group connect shows that sub-Saharan Africa's economy has been hard hit by cybercrime. The data shows that cybercrime costs South Africa an estimated $573m annually with Nigeria and Kenya losing $500m and $36m respectively. Seen in proportion to GDP of the countries, this represents tremendous sums lost to cybercrime. While these figures show the size of the problem in this part of the world, 96% of African organizations set an average annual budget of $5,000 for cyber security. Pan-African Cybersecurity and Business consulting firm Serianu ranked banking sectors and government as the most targeted by cyber criminals.
Cyber crime in Africa has been on a rapid increase compared to the rest of the world with an estimate of 80% of personal computers being infected with some kind of malicious software. One of the most affected industries in sub-Saharan Africa is the financial sector. Globally, Africa leads in the use of mobile money transfers with an estimated 14% citizens receiving money through mobile money transfer like Kenya's MPesa. With sub-Saharan Africa hosting some of the biggest mobile money transfer services, mobile money has over the years been a primary target for criminals. Some of the threats that have affected the mobile banking industry are social engineering and reverse engineering of mobile money apps for malicious purposes. A lot of mobile money users and providers have been immensely affected by criminal activities targeting the platform.
With cybercrime on the rise, Sub-Saharan countries lack proper legislation, such as cyber laws, to govern the cyber space thus creating a permissive environment for cyber criminals. Most countries in the region struggle to implement cyber security measures due to budgetary concerns and the small number of skilled cyber security practitioners.
Some of the common challenges faced in the cyber security industry in sub-Saharan Africa include:
High cost of cyber security tools
Limited security budgets
Use of pirated versions of cyber-security solutions
Absence of adequate tools to provide accurate data
Growing cyber threat owing to 5G deployment
Over-dependence on cloud
In order for sub-Saharan Africa to realize its full potential in cyber security, effective policies have to be implemented. Solutions designed must be geared toward the distinct operating environment of the sub-Saharan region. The question of cost is an inescapable facet of any technology implementation, even more so in the African context. Local currency values tend to be volatile thus depending on foreign solutions might be costly compared to the amount local companies can afford to budget for cyber security.
As the technology grows complex and diverse by the day, so does the surface for malevolent exploitation. Sub-Saharan countries however, continue to emulate technologies, policies and strategies implemented by more developed countries. These fall short in addressing needs specific to the threat landscape in the region thus creating a need to adapt available resources and formulate comprehensive regulatory policies that would better govern the cyber security ecosystem in the region.
Black Hat - USA - 2020 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security