Cyberextortion has grown rapidly at the global level, and Africa is no exception. The continent has certainly become the target of many cybercriminals over the last few years. To address rising cybercrime rates, the African Union Convention on Cyber Security and Personal Data Protection (a treaty that is also known as the Malabo Convention) was drafted in 2014. However, only 14 out of the 54 countries in Africa have signed this treaty, and only eight had ratified the treaty at the end of 2020.
The results of the International Data Corporation (IDC) Security Survey 2022, sponsored by KnowBe4 Africa, reveal that nearly all organizations in Sub-Saharan Africa (SSA) have embedded security into the new initiatives launched by their IT departments, either during planning assessments or after project execution. They also reveal that the volume of threats facing organizations in Africa has grown exponentially over the past few years and that there is a clearly visible linear relationship between the continent’s gross domestic product (GDP) and cybercrime: as one increases, so does the other. Yet only about a third (17) of Africa’s 54 countries have completed a national cybersecurity strategy. This opens up the threat landscape considerably and puts organizations at greater risk.
KnowBe4 Africa is the provider of the world’s largest security awareness training and simulated phishing platform, which is used by more than 50,000 organizations around the globe. IDC is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, it offers global, regional, and local expertise on technology, IT benchmarking and sourcing, and industry opportunities and trends in over 110 countries.
The report also lists the top threats facing organizations in SSA in 2022: data leakage (61%), insider threats (43%), targeted attacks using phishing (37%), cloud-related attacks (34%) and ransomware attacks (30%). The top five global threats are business email compromise, cloud misconfigurations, software supply chain attacks and non-compliance. Phishing or social engineering attacks remain the second most common type of cybercrime and are evolving in terms of technique and success rates. These challenges are influencing security strategy for organizations going forward, with 43% focusing on security for cloud migration, 40% on strengthening secured access for a distributed workforce, and 36% on strengthening customer trust in digital services.
According to the report, 56% of organizations in SSA are in the first two stages of data security maturity, which means that many are still struggling to find their security footing in this shifting landscape. It is a lot like trying to find balance in the middle of an earthquake: cybersecurity threats are keeping decision makers and security teams off balance, particularly in light of skills shortages, budgets and increased regulatory complexity.
“Chief Information Security Officers (CISOs) are struggling to find competent staff that can handle the security alerts they receive while also keeping up with data protection regulations, and building networks capable of withstanding the cyberthreats,” says Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa. “In addition, one out of every three companies believes that there is insufficient integration between security and IT teams with 30% saying that hiring and retaining security skills is a challenge,” she said.
Cyber extortion is lucrative, and cybercriminals don’t expect much retaliation from African states. This means it is unlikely to stop and very likely to become even more prevalent on the continent. Organizations have to focus on security investments and strategies that will allow them to combat this threat with more agility and resilience. This means prioritizing a defense-in-depth model with cloud security; privacy and compliance; choosing the right security service providers; and building a security culture among both decision makers and employees.
South Africa, Nigeria and Kenya are some of the African countries most impacted by cybercrime. Organizations in these countries lose millions of dollars annually to cyber extortion such as ransomware and other cyberattacks. These amounts are set to grow over time unless local organizations drastically improve their cybersecurity strategies and security cultures. However, only a third of Africa’s 54 countries have established national cybersecurity strategies.