African countries are facing increasing challenges in combating cybercrime in a threat landscape that has changed dramatically.
Africa has over 500 million internet users among a total population of nearly 1.4 billion, leaving huge potential for growth but at the same time making it increasingly vulnerable to cybercrime.
The continent is reputed to have the fastest growing internet networks in the world, with internet users expected to surpass 1 billion by 2023.
Recent announcements of increased fibre infrastructure and capacity in the region include extensions to the 2Africa undersea cable, which will increase its landings to 35 in 26 countries.
The 2Africa consortium is made up of China Mobile International, Facebook, MTN GlobalConnect, Orange, stc, Telecom Egypt, Vodafone and WIOCC.
As the largest subsea cable project in the world, 2Africa will deliver faster, more reliable internet service to each country where it lands, according to the consortium’s announcement in August 2021.
At the same time, the growth in digital infrastructure projects like 2Africa will increase opportunities for cyber criminals to exploit network vulnerabilities.
Challenges and threats
The ability to operate safely and effectively within an increasingly digitised economy is one of the greatest challenges for businesses operating in Africa today.
Since the advent of the Covid-19 pandemic and the sudden rush and panic of gearing up to work remotely the threat landscape has changed dramatically.
Many African countries have seen a rise in digital threats and malicious cyber activity, according to a recent International Telecommunication Union (ITU) article.
This has resulted in sabotaged public infrastructure, losses from digital fraud and illicit financial flows, and national security breaches involving espionage and intelligence theft by militant groups.
As the ITU points out, addressing cybercrime vulnerabilities requires a greater commitment to cybersecurity including enforceable policy safeguards, risk prevention and management approaches.
It also requires technologies and infrastructure that can protect each country’s cyber environment, as well as individual and corporate end-user assets.
Level of commitment
The latest Global Cybersecurity Index (GCI), released in June 2021 by the ITU, suggests Africa’s level of commitment to cybersecurity and its capacity for response to threats remain low compared to other continents.
Out of 54 African countries assessed by the ITU, only 29 had passed legislation to promote cybersecurity. “Four others are currently at the stage of drafting policies or seeking legislative approval,” it says.
It adds that, given that cyberthreats are borderless, countries need to embrace collaborative efforts on cybersecurity.
“It is not the lack of legislation on the continent that is hindering the fight of cybercrime in Africa,” says Alice Namuli Blazevic, partner at Katende Ssempebwa Advocates in Kampala, a member of the Lex Africa legal alliance.
“It is majorly the lack of implementation or enforcement of the legislation.”
Most of the countries that have enacted cybersecurity or data protection laws in Africa have not set up the infrastructure to implement the regulations, she adds.
In some French-speaking African countries, the authority in charge of the security of electronic communication networks helps enormously in legal proceedings, says Danielle Moukouri Djengue, managing partner at D. Moukouri & Partners, LEX Africa’s Cameroon member.
She says this is done through the Cyber Incident Response Centre.
“Its close cooperation with international cyber security organisations facilitates the identification of cybercriminals. It is then up to the victims to adopt this solution and systematically report the incidents to the authority.”
A recent report by Liquid Intelligent Technologies (Liquid), an African technology group, investigates the evolving cybersecurity threat in three key African jurisdictions.
Liquid ran the research in South Africa, Kenya, and Zimbabwe, among IT and cyber security decision makers across many sectors including manufacturing, wholesale, retail, mining, and government.
Its results show that companies operating in these countries face a notable increase in the frequency and sophistication of cybercrime.
“The profile of the perpetrators has also changed from individuals to groups, organised syndicates, and even governments,” it says.
Significantly, 79% of companies surveyed in South Africa, 78% in Kenya, and 82% in Zimbabwe indicated that they had experienced an uptick in cyber security threats over the past year.
This was largely associated with remote working and the use of cloud-based apps, services, and storage.
While the results of the survey differed from country to country, the most pressing cyber security threats identified by respondents were, email attacks including spam, phishing, and social engineering attacks (67%).
Next was data breaches including data leakage, data disclosure, and data extortion (59%), and web application and web-based attacks, such as the defacing of public-facing websites (51%).
This was followed closely by malware attacks – including ransomware attacks (50%), then came the security of confidential information stored in the cloud (44%), identity theft (40%), and passwords being compromised (32%).
A new report published by INTERPOL, the African Cyberthreat Assessment Report 2021, aims to help African countries to understand the most prevalent threats and formulate a coordinated regional response to cybercrime.
According to the report, the top five threats in Africa are, online scams, digital extortion, business email compromise, ransomware and botnets – networks of compromised machines used to automate large-scale cyber attacks.
Weak networks and security, and the lack of cybersecurity policies and standards leave the continent vulnerable to attack.
And cyber criminals “take advantage of variations in law enforcement capabilities across physical borders, says Craig Jones, INTERPOL’s director of cybercrime.
He says INTERPOL’s regional cybercrime strategy for Africa provides a framework for sharing intelligence and coordinating action to strengthen the law enforcement response across the continent.
The strategy focuses on the areas of criminal intelligence, law enforcement operations, regional capacity and capabilities, and awareness campaigns for businesses and the general public.
Implementation of the strategy will be driven by INTERPOL’s African Cybercrime Operations Desk, working in close partnership with the likes of the African Union and Afripol, law enforcement communities, and the private sector, according to the report.