ADF STAFF
Kenyans experienced 860 million cybersecurity incidents over the past year — a level of attacks that is more than 100 times higher than it was five years ago, according to the country’s Communications Authority.
Across Africa, cybercrime is on the rise, made easier by the spread of smartphones and internet technology. Internet criminals cost Africans $4 billion a year.
At the same time, governments and corporations have been slow to adopt cybersecurity countermeasures designed to block online scammers, identity thieves and other malicious actors.
Along with Kenya, South Africa has reported a dramatic rise in cybercrime in 2023, up 62% since 2022, according to African cybersecurity firm Liquid C2.
“Companies are saying that they’ve put a lot more cyber security controls in place,” Liquid C2 CEO David Behr said in a statement. “With threats evolving faster than security systems, companies cannot afford to get complacent.”
Industry control systems (ICS) — the computer systems that operate energy plants, manufacturing facilities, building systems and more — have become especially popular targets of cyberattacks in South Africa, according to cybersecurity firm Kaspersky.
“The level of attack that’s coming is too much for some of South Africa’s top experts to deal with,” technology reporter Mudiwa Gavaza told Business Day.
According to Behr, two-thirds of the companies Liquid C2 studied in Kenya, South Africa and Zambia reported adding cybersecurity staff members. Despite that, Kenyan enterprises accounted for 90% of successful cyberattacks in those three countries, the company reported.
Cybercrime is becoming big business in Africa, with entire companies created to do the hacking for malicious actors. There’s even a term for it: Cybercrime-as-a-Service (CaaS). That means governments and businesses must stay alert for proliferating cyber threats such as ransomware attacks. Ransomware locks users out of their computer systems until they pay for the key to reopen it.
Companies and governments cannot rely on outdated technologies and processes to defend themselves, Behr said.
Many companies don’t have even the bare minimum protection. According to African Business, as of February 2023, 90% of African businesses were operating without cybersecurity protocols in place, making them increasingly vulnerable to cyber threats.
Governments have become popular targets for cybercriminals because they are slow to adapt to technology advancements, Gavaza said.
“You need to be thinking of cybercriminals akin to businesspeople that are looking to scale their operations, the impact of attacks, and how quickly they can do things,” he added.
Ransomware operators have become so large that they offer their own call centers to help victims retrieve their data after they pay up, Gavaza noted.
“If criminals are offering customer support, it shows you the level of sophistication out there,” he said.
At the same time that cybercrime is booming, Africa’s cybersecurity experts are outnumbered. Industry experts estimate that the continent is short about 100,000 certified cybersecurity professionals to counteract online criminals. Current estimates indicate there are 7,000 certified cybersecurity professionals in Africa — one for every 177,000 people on the continent.
“A significant portion of the attacks witnessed across Africa are shaped by the rapidly changing geopolitical landscape. However, a growing concern is that cybercriminals are learning from successful advanced attacks to refine their craft,” Dr. Amin Hasbini, head of Kaspersky’s Global Research and Analysis Team (GReAT), told the company’s inaugural GITEX Africa conference in Morocco earlier this year.
Cybercriminals continue to use proven attacks such as phishing to trick unsuspecting people into helping them invade computer systems through malicious emails or links. However, artificial intelligence (AI) has given cybercriminals a new tool: virtual kidnappings.
In virtual kidnappings, cybercriminals use AI to create fake videos suggesting that they are holding a family member of a high-profile individual for ransom. The family member is not actually in danger, but the target of the extortion doesn’t know that.
Other AI technology, such as ChatGPT, eventually could be used to create a script in the virtual hostage’s voice, according to Trend Micro.
While Kenya, South Africa and Nigeria face an onslaught of cyberattacks, Ethiopia, Libya and Namibia are among the African countries most at risk of future online incursions, according to SEON Technologies. Namibia ranks at the bottom of African countries at prepared to defend against cyberattacks.
“These countries have very weak legislation regarding cybercrime — or even none at all — and therefore carry the greatest risk when processing sensitive transactions,” SEON analysts wrote in a recent report.
Africa’s top-ranked country on SEON’s list is Egypt, which ranks 46th out of 93 nations studied.
Ultimately, cybersecurity comes down to the individuals on the receiving end of cyberattacks, experts say. Internet users need to learn about the risks they face and be prepared to defend against them — by identifying and not clicking on suspicious email links, for example.
“The biggest vulnerability is the individual,” Gavaza said.