[column] Marlene Mutimawase: Is Africa ready to fight cybercrime?
Globally, businesses lose an estimated $1 trillion a year to cybercrime. Whether it's ransomware attacks, phishing scams, cryptojacking or malware, cybersecurity threats are on the rise as the world tends to become a "global village."
As African businesses grow in number and scope, the importance of cybersecurity in Africa needs to be reiterated. More and more Africans are going online, increasing the continent's contribution to the global economy. Everyone, from businesses to governments to individuals, must learn to protect their data and digital sovereignty.
African countries are often mistakenly referred to as the countries where most cybercrime originates, but this has always proven to be false. China, Russia, Brazil, India, and the United States have consistently topped the rankings, while only one African country-Nigeria-has often appeared on some of these lists.
While many African countries do not pose the greatest cybersecurity threats, they are no less vulnerable to cyberattacks. Interpol's Africa Cyber Threat Assessment Report indicates that more than 90 percent of businesses on the continent operate without the necessary cybersecurity protocols in place. In 2021, cybercrime reduced the GDP of all of Africa by 10%, resulting in a loss of $4 billion.
The top 5 cyber threats are online scams, digital extortion, business email compromise or BEC, ransomware, and botnets, and most were distributed via email. Last year alone, more than 679 million cybercrime-related emails were detected, 219 million of which originated in South Africa.
The increase in these threats is accompanied by the development of cybersecurity organizations like Ciberobs, an Ivorian cybersecurity company that provides analysis, information and tools to governments and businesses.
Some countries are on their way...
Crime remains a serious problem in South Africa and is therefore a priority for the government.
Investment and growth require a safe, stable and crime-free environment. More importantly, it is fundamental to the aspirations of all to live in safety, peace and comfort.
Police visibility, effective training and better staffing of police stations are the government's priorities. The government has prioritized its response to the growing problem of criminal groups extorting money from construction and other companies.
Specialized units - combining the South African Police Service (SAPS) and the National Prosecuting Authority - are mandated to combat these economically disruptive crimes.
To support the growth of the tourism industry, the SAPS will increase visibility at identified tourist attraction sites. It is training tourist security monitors and will establish a police reserve to focus on policing tourist attraction areas.
South Africa has also set up a shared 'Crime Stop' hotline: 08600 10111
where are the other countries?
Cybercrime affects all countries, but weak networks and security make African countries particularly vulnerable.
While Africa has about 500 million internet users, that's only 38% of the population, leaving huge potential for growth. Africa has the fastest growing telephone and Internet networks in the world, and makes the greatest use of mobile banking.
This digital demand, coupled with the lack of cybersecurity policies and standards, exposes online services to major risks. As African countries move to integrate digital infrastructure into all aspects of society-including government, banking, business, and critical infrastructure-it is critical to have a robust cybersecurity framework in place.
As far as the African continent is concerned, there is less data available, which shows the lack of tools to measure and monitor cybercrime.
However, by way of illustration: a study conducted by International Data Group Connect showed that each year, cybercrime costs the South African economy an estimated $573 million. For the Nigerian economy, the cost was estimated at $500 million, and for the Kenyan economy, at $36 million.
Another study by Deloitte in 2011 found that financial institutions in Kenya, Rwanda, Uganda, Tanzania and Zambia suffered losses of $245 million due to cyber fraud.
Several Zambian commercial banks were robbed of more than $4 million in the first half of 2013 as a result of a complex cybercrime scheme involving Zambians as well as foreign nationals.
In Francophone Africa, the phenomenon is most prevalent in the major regional economies. For example, in 2013, the estimated cost of cybercrime in Côte d'Ivoire was 26 billion CFA francs (3.8 million euros). In Senegal, the cost was estimated at 15 billion CFA francs (22 million euros).
At an international forum on cybercrime in 2016 in Dakar, Charles Kouamé, in charge of governance at the Ivorian Telecommunications Regulatory Authority, pointed out that 1,409 complaints were filed and followed up by Ivorian courts last year. According to him, the overall volume of web fraud in the country seems to have started to decrease, from 5.8 billion CFA francs (€8.9 million) in 2014 to 4 billion CFA francs (€6.1 billion) in 2015.
These figures show the scale of the problem in a part of the world that is currently experiencing exponential growth, fueled by rising commodity prices and the boom in the technology sector, to which one could add the rising incomes of the middle classes. Even if they can't buy the usual computer "kit" (PCs, printers, routers, etc.), they can now connect to the Internet with smartphones, as the prices of these devices have dropped considerably over the last ten years.
In most French-speaking countries, "new" computers are offered with two options: "free back" (without operating system) or, in most cases, an option with pirated operating systems.
Needless to say, counterfeit programs are subject to code modifications, with the introduction of lines of malicious code and Trojan horses that expose most machines to the activities of cybercrime networks.
The net result is that the African continent has become a nest of cybercriminals of all kinds. For example, those who specialize in "419" fraud, named after Section 419 of the Nigerian Criminal Law which criminalizes fraud and specifies fines and other penalties for such offenses. Other criminals operate on a larger scale, using sophisticated criminal networks.
Indeed, according to a 2015 estimate by the international software security group Kaspersky, three African countries are in the global top 20 countries with the highest rate of computers infected with malware. These are: Somalia (6th), Algeria (14th) and Rwanda (16th).
The growth of these threats is accompanied by the growth of cybersecurity organizations like Ciberobs, an Ivorian cybersecurity company that provides analysis, information and tools to governments and businesses. Ciberobs also organizes an annual cybersecurity conference - the Cyber Africa Forum (CAF) - where decision-makers from all sectors come together to highlight the cyber threats facing Africa and how to address them.
Some regions are doing better than others, Kenya, and East Africa in general, are making a lot of progress, in part due to the growth of the mobile money sector. There are also other countries that are more advanced because they need the economic advantage; there is a danger and a risk involved, and they need to address it.
Countries like Morocco, Mauritius, Kenya, Togo, South Africa, and even Côte d'Ivoire are putting cybersecurity at the top of their priorities. Côte d'Ivoire, for example, is taking the issue very seriously, as the country has been subject to global financial restrictions due to increased cybercrime in the country.
African countries need to prioritize anti-cybercrime measures to minimize losses and work on effective ICT policies.