ADF STAFF
The rapid expansion of digital technology in recent years has left millions of Africans vulnerable to cybercriminals seeking to scam them, their companies and even their governments out of money and valuable personal information.
The problem is so pervasive that, according to some estimates, cybercrime can cost African countries up to 10% of their gross domestic product each year.
“Cyber threats are more sophisticated and complex than ever and evolving quickly with new technology like AI [artificial intelligence] becoming increasingly advanced every day,” Stu Sjouwerman, CEO of South African cybersecurity company KnowBe4, wrote recently for the online publication ITWeb.
In the rush to move commercial and government activity online, many African countries have neglected to put in place the legal framework and security needed to protect their citizens from cybercrime, according to analysts.
As a result, many African countries have become open markets for cybercriminals, some of whom regularly sell access to government and corporate servers for as little as $300 on the dark web.
Businesses and governments have become the targets of denial-of-service attacks that overwhelm their online infrastructure or malicious ransomware programs that lock down computer systems until the victims pay to have their access restored. Fake tech support, in which scammers pretend to help struggling computer users, is an increasingly popular way for cybercriminals to gain access to computer networks.
The cost of responding to and recovering from cyberattacks typically gets passed along to customers in the form of higher prices for goods and services, analysts say.
Looking ahead, Sjouwerman urges African businesses and government leaders to focus on strengthening what he calls the “human firewall” by educating computer and mobile phone users about the risks they face from cybercriminals employing scamming techniques. Those techniques include phishing — sending authentic-seeming emails or links that can trick an unsuspecting recipient into unintentionally breaching a computer system’s security.
Investing in the “human firewall” is crucial because African nations are facing a severe shortfall of trained cybersecurity experts. Microsoft’s Digital Defense Report shows that the demand for cybersecurity skills has grown by an average of 36% over the past year in South Africa alone.
“This gaping hole in skills shortage is not going to be filled any time soon, leaving organizations vulnerable to cyberattacks,” Sjouwerman wrote.
The same report identifies China, North Korea, and Russia as major sources of global cybersecurity threats. However, nation-states are not the only source of cyberattacks. Transnational criminal networks are now using hired guns to create the malware they need to invade computer systems. So-called “cybercrime-as-a-service” operators can enable malicious actors to hold water and power systems hostage or to rob telecommunications companies of their lucrative trove of customers’ personal data.
African countries vary greatly in the severity of cybersecurity threats they face. Kenya, Nigeria, and South Africa routinely rank among the African countries experiencing the greatest number of cyberattacks.
South Africa ranks globally among the countries with the highest density of cybercrime, measured as the percentage of cybercrime victims among internet users, according to cybersecurity company SurfShark.
IBM Security’s “Cost of a Data Breach” report found that the average data breach cost for South African organizations was $2.7 million in 2023. That was up 8% since 2020 and a 73% increase since South Africa joined the analysis in 2015.
“Many South African businesses suffer from the belief that they will be spared from falling prey to cyberattacks and that only the large and wealthy will be targeted,” Damian Viviers, commercial director at PH Attorneys, wrote recently for the South African news site IOL. “This, unfortunately, is far from the truth.”