As emerging markets race to join the digital revolution they are fast being hijacked by cybercriminals, who are preying on the fledgling IT environment with potential security weaknesses and using them to launch attacks on territories with more advanced defence strategies.
The United Nations (UN) recently reported that, shockingly, only 38% of countries globally, have a published cyber security strategy, which has highlighted that there is a huge chasm between countries in terms of awareness, understanding, knowledge and the ability to deploy cyber security capabilities and programs “to ensure a safe and appropriate use of technology as an enabler for economic development”.
While many organisations in the West and Central African region are looking to develop and introduce e-services, many are not considering important factors like security gaps, loss of information, and other serious threats.
The increasing adoption of mobile technology, the internet, online banking, e-commerce and social media have marked out developing IT landscapes in countries such as Nigeria, Kenya, and Namibia as targets for cybercriminals who are singling out everyone from consumers to government and commercial organisations as a potential hit.
The cybercrime ecosystem, especially in Nigeria and Kenya, has been hijacked to devastating effects. A Serianu report titled “Demystifying Africa’s Cyber Security Poverty Line”, published in 2017, estimated that the cost of cybercrime in Africa as a whole amounted to $3.5billion in 2017, affecting about 35% of Africa’s population – a rise compared to an estimated $2billion in cyber attacks in 2016. The Serianu report also found that in 2017 cyber crime penetrated 85% of Kenya’s population and 50% of Nigeria’s population, with estimated costs of $210m and $649m, respectively.
The Wannacry ransomware attack, which caused more than 45,000 infected machines globally, was felt strongly in India, which accounted for 5% of all infected machines, according to Kaspersky Labs; however, the African region has been one of the least affected. Hackers have also been known to test spear phishing attacks in French and English speaking African companies to iron out any flaws before launching the malware on advanced nations.
This could be a contributing factor to the overall increase in local threats and infections, with 61.8% of Kenyan users affected, followed by 58.6% in Nigeria, according to the Kaspersky Security Network report for the Q1 of 2018. Top threats experienced were malware spread in local networks, by USBs, CDs, and DVDs.
A recent report by the Inter-American Development Bank (IDB) and the Organisation of American States (OAS) highlighted the fact that four out of five countries in the Latin America and Caribbean regions have “potentially devastating” vulnerabilities. Two out of three countries do not have a command and control centre for cyber security, for example, and the majority of prosecutors lack the capacity to punish cybercrimes. About 60% of organisations do not keep up to date with cyber security trends and 50% of organisations do not have an established cyber security-training program on cyber risks, according to the Serianu Africa Cyber Security report, 2017.
While some countries such as Kenya, Nigeria, and Ghana are working to put cyber security strategies in place, although at varying degrees of maturity, others such as Ethiopia, Rwanda and Lesotho are only just beginning the process.
Opening the doors to cybercriminals
The risks have grown as emerging markets have rushed to join the digital revolution, often without regard for security or viewing it as an afterthought.
According to the We are Social Digital report, published in 2017, there are 362 million Internet users in Africa, which makes up 29% of the continent’s population. Additionally, the number of active mobile social users has increased by 47% since 2016. Nigeria has about 97.2 million Internet users, which means the country’s Internet penetration rate is at 51%. As Africa’s Internet penetration rates continue to rise, the threat of cybercrime becomes more real.
Lack of security best practice awareness, user education and slow government enforcement of security policies are leaving these countries exposed to the possibility of cyber security threats.
Hackers are increasingly operating from developing countries, taking advantage of weak or non-existent security strategies and ultra-cheap for-hire hacking skills on the dark web – which has become of global concern. And it isn’t going to stop anytime soon unless nations pull together.
The UN, along with other stakeholders, is advocating for more co-operation between the developed and the developing world to help train local cyber security experts and assist with the development of effective strategies in this regard. Only time will tell if such collaboration will work – and as security experts acknowledge, time is at a premium.
Emmanuel Tita Sama is Sales Director, West and Central Africa, Orange Business Services.