By Antony Mutunga
The number of cybercriminals is on the rise as more and more people are joining up to use different cyber-attacks as a service where they monetize their networks. This is the reason why cyber-attacks such as cryptojacking and ransomware are expected to be on the increase as 2019 wares out.
Emotet, for instance, is a malware originally engineered as a banking Trojan designed to steal sensitive information by eavesdropping on network traffic, which was detected in Kenya. During the start of the year, the information and communication technology (ICT) watchdog, Communications Authority of Kenya (CA) announced the detection of the malware that appeared to target network systems. The Trojan was identified by the National Kenya Computer Incident Response Team Coordination Center (National KE-CIRT/CC), which detected 11 cases where local institutions had been targeted.
The rise in cyber-attacks can also be accredited to the fact that the number of users online continues to increase. According to Statista, an online statistic platform, the number of active internet users as of January 2019 stood at almost 4.4 billion people, rising by 9.1% as compared to the same period in 2018. In fact, according to the Digital 2019 report by Hootsuite and We Are Social, the Middle East, Asia and Africa saw the most increase in terms of internet users annually, recording increases of 11%, 10% and 8.7% respectively.
The more active internet users increase in a region the more cybercriminals are attracted to area. This has seen the number of cyber threats in Africa multiply over the recent years leading to major loses not only for the organizations involved but the economy as whole. Accordance to the Serianu Africa cyber security report 2017, the continent lost $3.5 billion (Sh351 billion) as a result of cyber-crime in 2017. The most affected sectors were the government, financial and SME sectors which made up a majority of the victims.
Despite the rate of internet penetration increasing in the continent, most African organizations have fallen behind in terms of cyber security. Most organizations have not been upgrading their cyber security and thus their security systems have been unable to defend against the cyber-attacks, which also evolve to reach new levels of sophistication.
In fact, according to William Makatiani, CEO, Serianu limited, more than 95% of African organisations in private and public sectors are either operating on or below the security poverty line. It goes without saying that these organizations spend less when it comes to cyber security. An example would be the case of Kenya Revenue Authority, which ended up losing Sh3.92 billion ($39 million) as a result of electronic fraud. This was possible because of lack of a better cyber security.
In order to stop the increasing cases of cyber-attacks in the continent, Africans have decided to create awareness on the different types of cyber-attacks that are to be expected and also ways through which one can be able to secure themselves. Most people are usually unaware of the types of cyber threats, which can come through e-mails, file attachments or pop-ups, thus this leads them to fall victim to hackers and cyber criminals who use the opportunity to siphon money from the users.
There is a need, therefore, to create awareness and make people understand that cyber-crime is as dangerous as physical crime. It has the potential to bring down an individual or an organization. The public needs to understand about ransomware, cryptojacking and other cyber-attacks if they are to stay safe.
Additionally, there is need for awareness on the part of organizations. No longer can organisations rely on the traditional and one-size-fits-all securities as they are not able to address and reduce the potential risks of a cyberattack. It is important for organizations to stop seeing cyber security as a massive expense but as a way to safeguard against potentially bigger loses.
According Ken Munyi, country manager at iWayAfrica Kenya, an internet service provider, the same way the physical security of a business might include burglar bars, security gates and CCTV cameras, a similar multipronged approach is necessary for cybersecurity and should encompass security at the network perimeter and end-point level, together with application, email and web security measures.
“Organisations need to take a proactive approach to enterprise security and view it as a strategic investment as opposed to an onerous expense,” he said.
Apart from just blocking intruders by having the up to date cyber security, organizations also need to set up a management of cyber crises within the company. This way everyone who is a part of the company is aware of what to do in case of a cyber threat. This also minimises the risk of the cyber threat affecting another department and getting access to the company systems.
There is also a need for the government to be involved by improving standards and policies so as to protect individuals and organizations against social risk. The government needs to invest more into cyber-security by putting in place policies that ensure that organizations have security systems that are up to date so as to protect themselves as well as the information of their clients. There is also a need for policies to ensure that organizations report any cases of cyber-attacks so as to alert the economy so that others may be able to secure themselves against the cyber-attacks.
Different African governments such as Rwanda and Uganda have created centres that will assist in cybersecurity. Institutions such as the World Bank have also started projects like the cyber clinic for ECOWAS nations. African governments are putting up different policies to help with cybersecurity however; there is a need to ensure that they are well defined and constructed so that they do not end up breaching the rights of the people. An example would be the recent cyber law in Kenya which has been critiqued for not being well defined and risking the freedom of speech.
Cybercrime is not about to come to an end in the world. All sectors need to prioritize in cybersecurity to ensure the protection of their information. Governments also need to take cyber-attacks seriously as they do physical attacks. Cyber-attacks are able to bring the economy to a standstill so it’s important for Africa as a continent to secure itself against these cyber-attacks to ensure the region’s economy flourishes.