Booming Online Activity Leaves Cybersecurity Experts Playing Catch-up
In late October, hackers invaded the systems of Airtel Mobile Commerce Uganda Limited, a popular mobile money-transfer system, and made off with more than $2 million.
Hackers infiltrated Airtel Mobile through one of its clients. From there, they swiped cash from banks and microfinance companies across the country. The case is under investigation by the Cyber and Counter Electronic Measures Desk at Uganda’s Criminal Investigations Directorate.
The Airtel Mobile attack, like thousands of others across the continent every day, is a reminder that Africa’s rush to join the internet has left millions of users open to online scams.
“Arguably, Africa has become a victim of its own success in expanding digital infrastructure and services like mobile banking, which is particularly vulnerable target for financial crime, while the user base has not been adequately informed or prepared,” Nigerian cybersecurity expert Abdul-Hakeem Ajijola told ADF in an email. Ajijola leads the Strategic Road Map Action Plan Committee of the Nigeria Data Protection Bureau.
Online theft costs Africans an estimated $4 billion a year, according to researchers.
The COVID-19 pandemic forced people to rely on online tools more than ever before. Between 2019 and 2021, more than 13 million Nigerians joined the internet, according to the Gallup research company. In South Africa, two-thirds of the population is now online, up from just over half before the pandemic.
Registered mobile money wallets in Africa reached 621 million in 2021 — up 17% from 2020. The value of mobile money transactions on the continent rose 39% to $701.4 billion in 2021, according to GSMA, a telecommunications association.
With the focus on providing access, most often through mobile devices, strategic decision makers have placed less emphasis on cybersecurity, Ajijola said. A 2021 Interpol investigation of Africa’s cybersecurity found that weak networks and poor security made the continent particularly vulnerable.
“There has to be greater political will and commitment to post cybersecurity to the top of national agendas,” cybersecurity expert Folake Olagunku said during a podcast interview by the group African Union-European Union Digital for Development Hub. Olagunku is principal program officer for internet, cybersecurity, and e-applications at the Economic Community of West African States.
Even as governments and internet providers fortify their systems, they face a challenge: users who are tricked into opening the gates to the enemy.
Phishing is a method hackers use to gain access to computer systems by sending legitimate-looking emails that contain software designed to invade their computer network or to steal their personal data. In South Africa, an investigation found more than 100,000 phishing attacks in two months that imitated emails from the South African Post Office.
Africans experienced 10.7 million phishing attacks in the second quarter of 2022. Nearly half of them targeted Kenyans. Another 4.6 million attacks targeted South Africans.
“Without appropriate security measures, citizens will be at the mercy of ruthless criminals going to great lengths to subvert the hard-won trust between them and the state,” Moss Gondwe, public sector director for cybersecurity company Mimecast, wrote recently in South Africa’s Mail & Guardian.
Experts called for teaching internet users how to spot potential scams to avoid making victims of themselves and, through them, their employers, banks, and other connections.
“Individuals, government, and private organizations should routinely train in cybersecurity at a personal level and conduct penetration tests on their computer networks,” online security expert Dennis Ssengendo wrote recently in Uganda’s Monitor news site.
Other security experts suggest public awareness campaigns to alert internet users to the threats waiting for them in the digital shadows.
Cybersecurity remains a small component of Africa’s internet environment, but demand is growing. Côte d’Ivoire-based Ciberobs is one of several African cybersecurity organizations hosting gatherings in 2023 to confront Africa’s online challenges.
“It is essential for our states to strengthen and maximize investment in this sector,” Edith Brou Bleu, a digital specialist and Ciberrobs adviser told Agence Presse Africaine.