African digital connectivity booms: lack of cyber security awareness and rise of infrastructure attacks

Over the last decade, Africa has witnessed a significant surge in digital connectivity, with advancements in technology and infrastructure paving the way for unprecedented growth in internet access and digital services … but we are already seeing cybercrime consequences and capacity issues as a result.

• It was reported that cybercrime reduced GDP within Africa by more than 10%, at a cost of an estimated $4.12 billion in 2021 (Tony Blair Institute)
• As of June 2020, South Africa had the third-highest number of cybercrime victims worldwide, at a cost of approximately $147 million a year (Accenture).
• It is estimated that one in nine Android mobile phones in Nigeria has malware-infected applications (Tech Economy).
• Of a population of about 1.24 billion people, the estimated number of certified security professionals in 2018 was 7,000, representing 1 for every 177,000 people (SSRN).

As the continent embraces the digital revolution, it is crucial to assess the cyber security awareness levels across various sectors within the booming continent.

Among the factors creating a complimentary environment for cybercrime in Africa are limited public awareness and knowledge regarding potential risks in the cyberspace, underdevelopment of digital infrastructure, limitations in cyber security laws, and an absence of extensive cyber security policies.

This article delves into the state of cyber security awareness in Africa, providing insights into the challenges and opportunities for CISOs (Chief Information Security Officers) operating in this dynamic landscape.

The digital connectivity boom in Africa

Africa has experienced remarkable progress in digital connectivity over the past decade. According to Statista the continent had around 570 million internet users in 2022, more than double the figure in 2015. The proliferation of mobile devices, expansion of mobile networks, and the deployment of undersea fibre-optic cables have been instrumental in driving this growth.

Additionally, the rise of digital financial services, e-commerce platforms, and the adoption of cloud computing technologies have transformed the way Africans conduct business and engage with digital services.

According to this ‘Cybersecurity in Africa’ survey, 97% of respondents use a smartphone, 74% use laptops, 47% use smart TVs, 31% use tablets, 17% use gaming consoles. In fact, the survey reveals that, at this moment, less than 1% of respondents did not own any of these devices.

However, this digital transformation has also exposed the continent to new cyber security risks and threats and connectivity issues. For example, 71% of those surveyed access the internet through mobile networks, with a similar percentage also accessing the internet through home Wi-Fi. Worryingly, 36% of respondents only get online using their work and office networks, while 15% use free Wi-Fi in public places and 12% access the internet at internet cafes. As we very well know, the use of public, sometimes-unsecured, wi-fi can open individuals and organisations up to a host of cyber risks and this will need to be addressed in a variety of ways.

As a long-term initiative, African governmental bodies and organisations need to put more stock into the general population’s knowledge of cybercrime and common cyber threats. In the same ‘Cybersecurity in Africa’ survey, it is revealed that whilst 19% of respondents are concerned about cybercrime, they do not understand threats or how to mitigate them. Even more troubling is that 7% of respondents believed cyber security was a concern for their employer and not them and another 7% said they were not concerned at all about cyber security threats.

The state of cyber security awareness

While the digital connectivity boom presents tremendous opportunities for economic growth and social development, it simultaneously creates challenges for cyber security professionals and regular employees operating at any organisational level.

Cybercriminals are increasingly sophisticated, targeting individuals, businesses, and government entities. To counter these threats effectively, it is vital to assess the cyber security awareness levels across Africa.

• Awareness among individuals

At the individual level, cyber security awareness is a crucial factor in protecting personal data and digital assets. However, studies indicate that cyber security awareness in Africa remains low. A survey conducted by Serianu Limited, a cyber security consultancy, revealed that only 25% of Africans have a basic understanding of cyber security and safe online practices. This lack of awareness exposes individuals to various risks, such as phishing attacks, identity theft, and malware infections.

• Awareness within businesses

Businesses in Africa face significant cyber security challenges as they navigate the digital landscape. The proliferation of online transactions and data-driven operations has made them prime targets for cybercriminals.

According to the Global Cyber security Index (GCI), a measure of countries' commitment to cyber security, African nations rank relatively low compared to other regions. This suggests that many businesses in Africa may lack the necessary cyber security frameworks, resources, and skilled professionals to effectively mitigate cyber threats.

In fact, Africa Center reveals that cyber espionage is a massive issue in Africa with many instances linked with China. They discovered malware-infected systems in over 11 African countries and in 2018, reported that all the content in the African Union’s headquarter servers was being routinely transmitted to a Shanghai network between the hours of 10am and 2pm and footage was also being stolen from surveillance cameras.

• Government initiatives and awareness

Governments across Africa recognise the importance of cyber security and are taking steps to enhance awareness and strengthen defences. The African Union (AU) has launched the African Union Convention on Cyber Security and Personal Data Protection to promote cooperation among member states. Additionally, countries such as South Africa, Kenya, and Nigeria have established cyber security frameworks and agencies to address cyber threats comprehensively. Overall, out of 54 African countries, 29 had passed legislation to promote cyber security (ITU). A further four others are currently at the stage of drafting policies or seeking legislative approval. As a result, Africa comes second only to Europe in terms of the prevalence of legislation, even if the legislation introduced is foundational at this stage and lacking adequate depth and breadth. For example, only 10 African countries possess a national cyber security strategy that fully addresses measures related to critical infrastructure. About the same number of countries have conducted an audit to track the progress of national cyber security efforts. 10 out of 54 means progress must still be made.

The gap between cyber security policies and effective implementation remains a challenge. Limited funding, a shortage of skilled cyber security professionals, and the rapid pace of technological advancements pose hurdles for governments and organisations in creating robust cyber security ecosystems.

African critical infrastructure attacks rise

In Africa, attacks on critical infrastructure continue to rise. Banks are particularly common targets, with billions of dollars plundered by thieves and more capital lost via service disruption. Recently, the National Security Agency of Nigeria was hacked by Boko Haram and the municipal government of Johannesburg was targeted by a ransomware attack demanding bitcoin payments. 

Furthermore, the Institute for Security Studies reveals that cyber-attacks against maritime infrastructure are also on the rise ranging; we are seeing piracy and the theft of database logs with experts worrying that Africa’s ports and shipping industries could suffer an attack causing major disruptions in trade and commerce – which will have massive employment and financial ramifications.

Challenges and opportunities for CISOs

CISOs play a pivotal role in safeguarding organisations against cyber threats. In the African context, CISOs face unique challenges and opportunities within this evolving digital landscape.

• Talent Gap: One of the primary challenges for CISOs in Africa is the shortage of skilled cyber security professionals and the lack of cyber security awareness amongst the general population. In fact, The Daily Swig states that there is a growing 100,000-person gap in certified cyber security professionals. Bridging the talent and knowledge gap requires concerted efforts from governments, educational institutions, and the private sector to develop cyber security training programs and promote the profession among all worker demographics. This is why it would be beneficial for African governmental bodies and organisations to enlist the help of tried and trusted cyber security training and awareness experts to build programs from the ground up that will address their unique issues.
• Building a security culture: CISOs need to foster collaboration between government agencies, businesses, and other stakeholders to share threat intelligence, best practices, and resources. Building partnerships can help establish a robust cyber security ecosystem in Africa and build a security culture that values collaboration and swift incident response.
• Education and Training: CISOs should prioritise cyber security awareness campaigns and training programs within their organisations. In data revealed by The Fintech Times, only 21% of African employees surveyed believed their cyber threat training was adequate. In fact, 10% of responders felt their training was not adequate at all. Cyber security awareness and knowledge of common and emerging threats can still be improved, it is your duty as a CISO/security leader to prompt knowledge development with engaging and retainable training initiatives. Promoting a culture of cyber security awareness and implementing robust security protocols can significantly reduce the risk of cyber incidents.

Conclusion

According to the International Financial Cooperation and Google, Africa's internet economy is expected to contribute $180 billion to its overall economy by 2025, rising to $712 billion by 2050. To ensure these projections materialise, African governments and organisations need to build new initiatives to rapidly connect an estimated 700 million unconnected Africans and address lacking cyber awareness in workforces.

As African digital connectivity booms, it is crucial to assess the cyber security awareness levels across the continent. While progress has been made, there is still a significant gap in cyber security awareness among individuals and businesses.

CISOs in Africa face unique challenges but also have opportunities to drive change and enhance cyber security practices.

By addressing the talent gap, fostering collaboration towards a better security culture, and prioritising education and training for all demographics, CISOs can play a pivotal role in raising cyber security awareness and protecting organisations in this evolving digital landscape.

It is imperative for CISOs to seize these opportunities and work with both internal advocates and external subject matter experts towards building a secure and resilient digital Africa.

If you would like information about how The Security Company can help you to deliver cyber security training and awareness initiatives and how we help support CISOs as an extension of their cyber security team ... please contact our Head of Business Development and Sales,  Jenny Mandley.

The Security Company's vast library of customised and non-customised products and services are tailored for small, medium and large organisations and are available in a variety of languages. We also offer bespoke solutions for organisations that desire training and awareness materials built from the ground up.