Weak Threat Response, Outdated Technology Put Millions at Risk from Cyberattacks
To confront a host of cybersecurity threats in 2023, internet users and governments need updated technology, quicker reactions and greater transparency about attacks.
That is the assessment of Cyber Security Experts Association of Nigeria (CSEAN), which recently issued a report detailing the threats facing the country. Many of the same threats apply across the continent as the expansion of digital technology brings millions of Africans onto the internet, often unprepared for the scams awaiting them.
“In 2023, we envisage an increase in the exploitation of computing resources of government establishments for malicious use,” wrote the report’s authors.
Government-held data is likely to be stolen and government technology turned to other uses, such as time- and energy-intensive mining of cryptocurrency, according to the report. Internet security experts in the government and elsewhere — particularly financial institutions — must be diligent about regularly updating and patching their systems to stay ahead of malicious actors, according to the report.
“Threat actors are likely to focus on devices with weak security and easily exploitable vulnerabilities,” the authors wrote.
More than 600 million people on the African continent are now online, about 90% of them operating without the proper cybersecurity precautions in an environment that sees about 700 million cybersecurity threats a year, according to Interpol.
With about half of its 213 million citizens online, Nigeria is a major target for cybersecurity threats. Kenya and South Africa, which also have vast online populations, also report large numbers of cyberattacks.
Between 2019 and 2021, more than 13 million Nigerians joined the internet, bringing the estimated total users to 108 million, according to Gallup. In South Africa, 70% of the population is now online, up from just over half before the COVID-19 pandemic. About one-third of Kenyans are online, according to the World Bank.
Elsewhere on the continent, internet access ranges from 84% in Morocco to 6% in Uganda.
So far, only 12 of Africa’s 54 countries have created national systems to address cybersecurity issues and to respond to attacks. Fewer than that have ratified treaties designed to address the international aspects of cybercrime.
For countries such as Kenya, Nigeria and South Africa, the focus has been on a loosely regulated campaign to increase internet access with much less emphasis on the security of those connections, Nigerian cybersecurity expert Abdul-Hakeem Ajijola told ADF in an email. Ajijola leads the Strategic Road Map Action Plan Committee of the Nigeria Data Protection Bureau.
“The fundamental needs are to build capacity and generate awareness among ‘digital Africa,’” Ajijola said. The challenge for security experts is that digital Africa now includes everyone from roadside food vendors to teenage TikTok users to government and business officials.
“Arguably, Africa has become a victim of its own success in expanding digital infrastructure and services like mobile banking, which are particularly vulnerable target for financial crime, while the user base has not been adequately informed or prepared,” Ajijola said.
CSEAN’s experts say small- and medium-sized businesses are the mostly likely to be victimized by online threats, such as ransomware, because they often lack the resources and knowledge to keep their computer systems updated. Ransomware is a type of cyberattack in which hackers inject computer code that locks down a computer system until the owner pays to have the system restored.
Larger companies also face risks of ransomware and similar attacks, especially those in the financial industry, according to the report. Even the most robust cybersecurity system can be cracked by phishing — a cyberattack that tricks employees into opening emails that unleash malicious code into the computer network.
To protect against phishing attacks, financial institutions and other businesses need to teach their workers how to avoid online risks and stay on top of security updates, the report says.
“All stakeholders must work together to ensure a concerted effort to protect the cyber sovereignty of the country,” CSEAN’s analysts wrote. “Cybersecurity is a collective responsibility.”
Comments are closed.