Cyberextortion remains an ongoing threat in sub-Saharan Africa with data leakages and targeted attacks in top two positions; Growing investment into connectivity and IoT increasing the cybercrime attack surface; There is a linear relationship between GDP and cybercrime.

The KnowBe4 and IDC Impact of Cyberextortion on Africa report released in June 2022 has revealed a complex cybercrime landscape in sub-Saharan Africa (SSA) with data leakages, insider threats, malicious emails and targeted attacks continuing to seriously impact business security in the region. These threats are compounded by budget constraints and that nearly 60% of SSA organisations plan to increase connectivity and IoT use cases over the next 12 months. Growing investments into cloud, Internet of Things (IoT), connectivity and digital solutions increase the risks alongside the digital benefits.

The volume of threats facing organisations in Africa has grown exponentially over the past few years and there is a clearly visible linear relationship between the continent’s gross domestic product (GDP) and cybercrime – as one increases, so does the other, yet only about a third (17) of Africa’s 54 countries have completed a national cybersecurity strategy. This opens up the threat landscape considerably and puts organisations at greater risk.

Read also AfDB to Establish African Pharmaceutical Technology Foundation

The top threats facing organisations in SSA in 2022 are data leakage (61%), insider threats (43%); targeted attacks using phishing (37%); cloud-related attacks (34%); and ransomware attacks (30%). The top five global threats are business email compromise, cloud misconfigurations, software supply chain attacks and non-compliance. Phishing or social engineering attacks remain the second most common type of cybercrime and are evolving in terms of technique and success rates. These challenges are influencing security strategy for organisations going forward with 43% focusing on security for cloud migration, 40% on strengthening secured access for a distributed workforce, and 36% focused on strengthening customer trust in digital services.

According to the report, 56% of organisations in SSA are in the first two stages of data security maturity which means that many are still struggling to find their security footing in this shifting landscape. A lot like trying to find balance in the middle of an earthquake, cybersecurity threats are keeping decision makers and security teams off balance, particularly in light of skill-shortages, budgets and increased regulatory complexity.

Read also African Fintech Zazuu Raises $2M For Its Cross-border Payment Marketplace

“Chief Information Security Officers (CISOs) are struggling to find competent staff that can handle the security alerts they receive while also keeping up with data protection regulations, and building networks capable of withstanding the cyberthreats,” says Anna Collard SVP Content Strategy & Evangelist at KnowBe4 Africa. “In addition, one out of every three companies believes that there is insufficient integration between security and IT teams with 30% saying that hiring and retaining security skills is a challenge.”

Cyberextortion is lucrative. And cybercriminals don’t expect much retaliation from African states. This means it is unlikely to stop and very likely to become even more prevalent on the continent. Organisations have to focus on security investments and strategies that will allow combating this threat with more agility and resilience. This means prioritising a defence in depth model with cloud security; privacy and compliance; choosing the right security service providers and building a security culture among both decision makers and employees.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Changing the differences in power that exist in digital discourse and embracing diversity across all platforms. Cyberfeminism is defined as both a philosophy and a movement. As a philosophy, it acknowledges the differences in power between men and women, specifically around digital discourse, and what needs to be done to change these differences. As a movement, it is focused on empowerment, for all types of diversity. It is an important consideration in today’s society, not least because women will be put at risk if they do not find their digital footing in the age of the internet.

“Women are not given as many opportunities to explore the potential of digital and to learn more about how they can engage with technology, particularly in Africa,” explains Anna Collard, SVP of content strategy and evangelist for KnowBe4 Africa. “Because of this, they are at risk of being left behind as the world moves into digital everything. They run the risk of remaining stuck in the professions that have been traditionally menial or traditionally labelled as those belonging to women. This dynamic has to change.” 

Women bring a unique flavour to any business environment, and diversity can fundamentally change the innovative mindset of an organisation. This makes digital equality a critical touchpoint for both humanity and the organisation. For it is innovation that will disrupt the traditional and reshape the future. Yet, a study by the International Telecommunications Union (ITU) found that women in Africa are using the internet measurably less than men.

Read also:Revolutionalising Legal Practice With Technology

“The digital gender gap is not a perception, it is a reality, and if this continues, a large percentage of women will lose out,” says Collard. “To change this, we need to look at the primary causes of this gap and find inventive ways of bridging it.”

One of the first reasons for the gap remains the attitudes and norms perpetuated by patriarchal society. There is a lack of big data around women – a problem that author Caroline Criado-Perez dubbed ‘silencing half the world’s population’ – and this impacts gender across everything from healthcare to employment. The embedded attitudes and perceptions influence behaviour and attitudes, and is particularly persistent in African countries. This is further underscored by a survey undertaken by the OECD that found men tend to have priority over women when it comes to accessing the internet and often have control over what women can access on the internet.

“These are deep, ingrained, systemic barriers that are built on patriarchal thinking that are difficult to measure, but have a sustained impact on women,” says Collard. “Now add to this the fact that women of colour are more likely to be targeted by online hate speech, and that African girls are concerned about their online safety, and the entire picture is very much out of balance.”

Read also :Welcome to the subscription economy. Here’s how it can benefit your business

A 2020 survey undertaken by KnowBe4 also found that digital literacy and cybersecurity education as a whole were lacking – not just around gender. Only 3.7% of the African teachers participating said that they offered cybersecurity as a subject and yet, this is a critical touchpoint for ensuring online safety.

“We need to move the lines, change the perceptions and embrace the idea of cyberfeminism,” concludes Collard. “We need to focus our efforts as individuals and organisations towards strengthening women’s rights, inventing into digital and data literacy and education, ensuring everyone has access to the internet, and integrating gender equity targets into national ICT policies.”

It is an issue that needs more awareness. But it also needs firmer commitment from industry, the public sector and organisations alike. If companies approach their talent acquisition strategies with a greater emphasis on gender equality, then more will be done to foster this talent from the ground up.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

By Anna Collard

Imagine if your mobile phone could be used to spy on you, listen to your conversations and send information and images from your device to a third party? This is not an imagined, dystopian future; it is the story of the Pegasus spyware put on mobile devices by clients of Israeli spyware software firm NSO. Although the Pegasus spyware is meant to be used by law enforcement only and is targeted at high-value individuals, this story provides some food for thought as, according to Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA (www.KnowBe4.com), mobile malware and spyware are not only aimed at the wealthy and the important – they can have a serious impact on anyone’s life.

“Other mobile threats such as banking malware for example use a similar process to the Pegasus spyware to get to users’ devices. “For example, many of these types of malware get installed by people clicking on a link that they received via SMS or WhatsApp and end up downloading a malicious app that could result in advertising click fraud, mobile ransomware, banking trojans or in some cases, even roots or jail breaks their phone to obtain full remote control over the device. The malware then allows for the criminals to listen to calls, take screenshots and see what the user types – catching passwords and banking details.”

Read also:Leading Cybersecurity Specialist Eyes Sub-Saharan Africa Expansion

Criminals use social engineering tools and approaches to lull users into a false sense of security. Pretending to be anything from a parcel tracking link to a banking confirmation link, these malware messages are designed to provoke people to make impulsive mistakes. And these mistakes can lead to your device being completely compromised, putting you and your financial security at risk.

“These smart malware infiltrations are designed to get past people’s defences,” says Collard. “Another form of distribution is taking advantage of devices that have not been updated or exploiting vulnerabilities on the phone or in apps that do not yet have patches. It is really important to ensure that your mobile devices are updated, and to ensure that you minimise risk by removing unnecessary apps, only downloading apps from official apps stores and by avoiding clicking on links from your mobile device.”

 “Unfortunately, people are more likely to click on a link using their mobile device because they think they are safer than a computer. You need to be cautious and ensure that if you do not know the sender, you do not download anything or click on anything. Do not believe an SMS message that tells you to update your WhatsApp software or a link that tells you to update an app that comes through a social media platform. Always update from the App Store or Google Play, nowhere else.”  Also, be aware of clickjacking, which is a form of mobile phishing that comes with an invisible link, which is covered by a “bothersome” graphic element that is made to look like a small hair or a speck of dust. This tricks the user into wiping the hair or dust off the mobile’s screen, which activates the link and launches a connection to the phishing site.

Read also:Haller Foundation Partners Mara Phones to Boost Technology Accessibility in Rural Africa

Keeping your mobile device free from infection means that you watch what you click, you do not trust unexpected links from unknown sources, do not share information with anyone – especially if they call and pretend they are from your mobile phone provider or bank – and do not provide people with your OTPs unless you have initiated the transaction with a trusted agent yourself. Mobile devices are as much at risk as computers, so stay aware, stay alert and stay secure.

Anna Collard is the founder of Popcorn Training – now KnowBe4 Africa; Cyber Security Awareness & Culture Evangelist 

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry