The Misunderstood World of Cybersecurity in Africa
A new age world of understanding that requires skills and fair access to information. Where open data is met with harsh punishment and laws set without clarity. Here is a look at African’s take on cybersecurity.
This article is published on the eve of the Ifri-PCNS Roundtable taking place in Paris under the theme "Global Cybersecurity Challenges: Disentangling Risks and Opportunities in International Politics."
The digital era has brought about new forms of communication as well as dangers to the sensitivity of state information. Access to the internet is no longer a luxury, but now a human right. Governments are required to open up in the form of shared data and IOT shaping financial services have all shifting emerging economies globally. In his journal piece, Nir Kshetri writes that it is anticipated over a billion people in Africa will have internet access by 2022, and adds that in his analysing of the trend of cybercrimes across the African countries’ analysts have suggested 10 – 15% interest penetration as the threshold level for the generation of significant hacking activities. This is due to the nature of the many emerging economies, where cyber criminals are threatening these economies as they are perceived to be low-hanging fruit.
Let’s provide the general context to cybersecurity. There are degrees in which countries operate or provide policy framework for telecommunications. The existence of services such as e-hailing, curation of online content and the bubbling e-commerce sector has forced many governments to relook the developmental strategies in light of the fourth industrial revolution. Many innovations exist in this field such as Mpesa (mobile money transfer) which touches on the safety of individual details and information. It is therefore not surprising when governments face cybersecurity threats that it results in policies or changes to laws that impact negatively the innovation and telecommunication sector.
Ewan Sutherland in his Governance of cybersecurity – The case of South Africa highlights that National governments are adopting cybersecurity strategies to address a wide range of threats that included foreign governments attacking critical national infrastructure, criminals locking then ransoming computer systems, hacktivists protesting against the activities of firms and the bulk theft of identities. He further adds that such threats have increased in significance due to global connectivity, social networks as well as the rise of Internet of Things.
Cybercrime trends and views
Former International Telecommunications Union (ITU) Secretary- General Hamadoun Toure shared, “At the moment, cybercriminals see Africa as a safe haven to operate illegally with impunity”.
The African Union Commission in collaboration with Symantec in 2016, released a report that analysed cyber security trends and the response of governments across Africa. It focused on 5 key areas: Social Media, Scams, and Email threats, Smartphones and the Internet of Things, Business Email Scams, Rise of Ransomware and Cryptolocker and Vulnerabilities. The report highlights the rise of access to smartphones, increased connectivity and emerging economies Africa is an easy target for cybercrimes. The report found out that of 54 countries in Africa, 30 lacked specific legal provisions to fight cybercrime and utilize electronic evidence.
In 2017 it is believed that cybercrime costs Africa an estimated total of $3.5 billion, this was supposedly due to weak infrastructure security, lack of skilled human capital and lack of awareness of the sector’s dynamics. Africa leads the world in money transfer via mobile phone, this is at 14% of all Africans receiving money through mobile money transfer. Countries such as Nigeria, Kenya, Tanzania, Uganda and Ghana were some of the countries listed with the worst financial impact. The sectors in which cybercrime is predominantly active are Banking/Financial services, government, e-commerce platforms, mobile payments and telecommunications.
Social Media and Data Threats
You would have to be living under a rock to have missed the biggest unravelling of social media data protection, when Facebook was put under scrutiny for releasing user data to Cambridge Analytica in 2018.
The story broke in early 2018 with little response for Mark Zuckerberg, CEO of Facebook. According to media coverage, vast amounts of private data was extracted from numerous profiles by one entity that then shared this data with another entity, in which that entity then dispersed this information to another entity to drive a political agenda. Interestingly enough, in the past two years, there have been a number of countries that shut down social media platforms during critical times. Namely Uganda introducing a tax on social media use, in Tanzania bloggers are expected to pay $900 to authorities to have a website license, Egypt blocked social media apps, Ethiopia, Chad, Cameroon and Algeria all shut internet access or blocked access to apps during difficult anti-government resistance action or during critical elections. Most recently this year, Zimbabwe also blocked internet access for a period of 3 days and Mali blocked during elections social media for an estimated duration 6 – 9 hours..
Whether there’s an interlink between the Cambridge Analytica saga and African’ governments seeking to maintain diplomatic control via blocking social media, due to a fear of skewed election results is still yet to be uncovered. One thing is very clear that the lack of policymakers and leadership engagement with the cyber community will continue to be detrimental to Africa and its progression, it also further allows for greater cybercrime attacks to take place. The implementation of laws of certain acts as government trying to protect state security information is a rising concern. Kshetri writes, “Policy makers in the continent should focus on increasing public awareness of cybersecurity practices and strengthening regulatory and enforcement capabilities in this area.” Though it may seem like the statement is in favour of governments controlling access, what he writes eludes to more of an interactive process where bloggers, non-profit organizations, think tanks and industry have a shared platform to find a working solution with tangible results.
Cyber-resilience, and the future
“Africa cannot remain disconnected from the realities of the cyber arms race. Building cyber resilience in Africa requires a national risk plan, a cybersecurity policy and a cybersecurity recovery plan for use in the event of a cyberattack. This must include regular emergency exercises, to test cyber-resilience readiness, as well as changes in military doctrine, government policy and expenditure” (Dalton, Van Vuuren, Westcott 2017).
The above are just some of the examples that can be utilized to dealing with cybercrime. Many recommendations suggest observing China’s approach; how the banking and financial sector in Brazil operates and the offshore outsourcing sector in India. These countries could provide learning curves and examples of best practices to mitigating financial loss due to cybercrimes. It could harness a human approach to inclusive education with the general public, equipping them with solid information to take the necessary protective measures of their personal data. For businesses it means finding solutions that are quickly implementable to avert the next possible attack. For countries with developing economies forums that allow positive hackers, industry and government to collaborate set a precedent of greater impact and assist in developing protective measures.
The opinions expressed in this blog post are the views of the author.