Cyber Threats hit Africa hardest

Stakeholders in Africa's cyber security ecosystem need to be more proactive in leveraging public-private partnerships to enhance cyber resilience, protect assets, comply with regulations, and support the continent's digital transformation. This is a key takeaway from Cisco's newly released white paper, "Elevating Africa's Cyber Resilience," unveiled in Midrand this week.

The white paper, a collaboration between Cisco, public policy consultancy Access Partnership, and the Centre for Human Rights at the University of Pretoria, focuses on three critical areas: people, technologies, and policy. It highlights that while cyber security is a global issue, Africa faces the most severe impact from cyber threats. The research indicates that 75% of African countries are categorized as 'high exposure,' making them highly vulnerable to cyber risks.

Charmaine Houvet, Senior Director of Government Strategy and Policy at Cisco Africa, emphasized, "Africa is one of the fastest-growing regions for internet penetration and mobile-based financial services, making it a prime target for cyber criminals. Increasing cyber resilience is essential for businesses and the public sector to compete globally, change the continent’s economic trajectory, and attract investment."

With a combined GDP expected to surpass $4 trillion by 2027, Africa has the potential to become an economic powerhouse. However, cyber security remains a significant risk. The study reports that cyber crime cost Africa over 10% of its GDP in 2021, approximately $4.12 billion in losses. The frequency and complexity of cyber attacks have increased, posing substantial barriers to socio-economic development. In the second quarter of 2023, Africa saw an average of 2,164 weekly cyber attacks per organization, a 23% rise from the same period in 2022. This growth outpaces the development of effective response mechanisms, including robust regulatory frameworks and the training of cyber security professionals.

Acute Skills Shortage

Africa faces a severe shortage of cyber security professionals, with digital literacy gaps particularly pronounced in rural areas and among women. Limited training programs and resources exacerbate this issue. In 2023, Nigeria, with a population of 280 million, had only 8,352 cyber security professionals, while South Africa had 57,269. In contrast, the US boasts a cyber security workforce of 482,985, and Brazil has 231,921. This disparity underscores the urgent need for targeted educational initiatives and skill-building programs. It is also noted that the number of professionals in South Africa includes individuals in both legitimate organizations and those recruited by organized crime syndicates.

Emerging technologies and skills are accessible to both defenders and attackers in the cyber security landscape. Sectors such as manufacturing and energy have higher percentages of proficient cyber skills, while financial services and public administration face acute demand due to regulatory scrutiny and frequent attacks. Collaboration between the public and private sectors is crucial to closing this skills gap.

"Private sector entities can scale learning initiatives to improve career opportunities, boost employability, and build the necessary skills for future jobs," Houvet stated. Over the past 25 years, Cisco has invested over $180 million and educated more than 1.6 million students in digital and cyber security skills across the continent through its Networking Academy program. In 2022, Cisco pledged an additional $200 million to train 3 million more students in digital skills and cyber security in Africa over the next decade.

Outdated Technology

Cyber attackers are targeting Africa's critical infrastructure using advanced techniques like AI for sophisticated attacks. Common vulnerabilities include malware, social engineering, and credential compromise. In 2023, 94% of South African organizations reported being targeted by phishing attacks, underscoring the need for enhanced cyber security resilience and the deployment of advanced technologies such as encryption, security information and event management (SIEM) systems, and cloud computing. AI and machine learning (ML) are becoming more sophisticated, and even blockchain is being used to enhance security.

Although 39 out of 54 African nations have implemented cyber security legislation, the increase in inter-African trade and travel necessitates a more harmonized approach. "Governments must collaborate to develop, review, and update comprehensive legislation to address new and emerging cyber security issues, including the protection of vulnerable and marginalized groups. Initiatives such as the adoption of the Malabo Convention and the AU's Continental Cybersecurity Strategy are positive steps forward," said Houvet.