In the medieval era, defense was about fortresses and knights, walls, and weaponry—a physical manifestation of protection against visible threats. The concept of defense in the IT world is fundamentally different today as compared to decades ago. I recall a time when threats were rudimentary, often limited to simple viruses or physical breaches like stolen floppy disks.
Our culture of defense revolved around basic firewalls and anti-virus software, in a way our medieval soldiers guarding the gates. However, in today’s digital age, we face a cyber culture that demands a more sophisticated approach. The threats have evolved into a complex web of cyber-attacks, data breaches, and digital espionage. Dominated by invisible attacks, and fear of the unknown. Just as the tools of war have advanced from swords to cyber weapons, our strategies for digital defense must evolve to combat the relentless cyber storm.
The digital landscape in Africa is evolving rapidly, yet the region faces significant challenges in cybersecurity due to inadequate protective measures, insufficient legislative frameworks, and low public awareness. According to the Cybersecurity Threatscape of African Countries Report 2022–2023, this lack of preparedness results in substantial economic losses, averaging 10% of GDP for affected countries.
Financial organizations and telecommunications companies are primary targets for cybercriminals seeking financial gain through attacks such as data theft and extortion. Ransomware remains a significant threat, with compromised computers, servers, and network equipment often exploited due to vulnerabilities and configuration flaws.
Social engineering attacks, especially Business Email Compromise (BEC), are prevalent, with over half of BEC groups operating within Africa, leveraging regional familiarity to their advantage.
With the widespread adoption of mobile money services across Africa, cybercriminals are increasingly targeting these platforms to exploit vulnerabilities and steal funds. Telecom companies are implementing advanced security measures, such as multi-factor authentication and end-to-end encryption, to protect users.
The rise in mobile money usage underscores the urgent need for robust security frameworks to safeguard financial transactions and maintain user trust in digital financial services.
But can we overlook the fact that interoperability, and open APIs, which have significantly driven financial inclusion, also add layers of complexity and vulnerabilities? It is essential to recognize that banks and other sectors that heavily rely on telecommunications and mobile money infrastructure must also invest in robust systems that protect all parties end-to-end.
Read Related: Addressing Barriers to Digital Adoption: Insights from Vodacom’s Managing Director
According to the World Bank and Global Financial Inclusion Index, mobile money has gained a significant amount of worthy attention in Sub-Saharan Africa over the past decade as it has helped expand access and usage, resulting in the doubling of account ownership since 2011, deepening financial inclusion. Telecoms must continue to invest in their infrastructure, not only to protect their networks but also to ensure the security and stability of the entire financial ecosystem.
At the core of this digital transformation is a critical element—our people. A growing shortage of professionals will increasingly complicate cybersecurity efforts. The current global cyber security workforce gap stands at more than four million people with demand growing twice as fast as supply. Gartner predicts that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025. Without skilled personnel, it is more difficult to predict and prevent incidents, which could mean more losses in the future.
With a median employee age of 19, Africa is set to have the world’s largest workforce by 2100. By 2050, the United Nations projects Africa’s population to reach nearly 2.5 billion, making up over 25% of the global population. Africa’s genetic, linguistic, cultural, and economic diversity is vast, with between 1,000 and 2,000 languages, about a third of the world’s languages.
At least 75 of these languages have more than one million speakers. While such diversity is a positive outlook and something we should be honored to have, it also poses a substantial challenge in terms of technology and cybersecurity adoption, especially when content is predominantly in English. How can we ensure that our diverse and growing workforce is equipped to defend against the sophisticated cyber threats of today and tomorrow?
The shortage of cyber security experts also impacts the cost of an incident. Organizations with a high level of security skills shortage had a US$5.36m average data breach cost, around 20 per cent higher than the actual average cost, according to the IBM Cost of a Data Breach Report 2023. The collective mindset, practices, and behaviors of our workforce form the bedrock of our security culture. It’s not merely about technology but about nurturing a culture of awareness and responsibility.
Cybersecurity challenges are multifaceted. Sub-Saharan Africa’s economy, which saw growth slow to 3.3% in 2023 from 4% the previous year, grapples with limited resources, urgent humanitarian needs, and high youth unemployment. These factors often push cybersecurity down the priority list.
The KnowBe4 2024 Report on Security Culture for Africa identifies Kenya, Nigeria, and Ghana as pioneers of security culture progress, boasting more mature cybersecurity strategies driven by proactive local governments. Kenya’s banking sector, in particular, outshines others with an impressive security culture score of 83. These nations exemplify how robust policies and dedicated efforts between the public and private sector, can foster a resilient security culture.
Also, don’t miss out: Digital Dream vs Reality: Tanzania’s Tech Ambitions Meet the Global Innovation Race
Is awareness alone enough? Cognition—our deep understanding of cyber threats—lags behind. This cognitive gap leaves us vulnerable, even as our awareness grows. We must move beyond recognizing the importance of cybersecurity to truly understanding and integrating it into our daily lives and behaviors.
The rise of artificial intelligence (AI) adds another layer of complexity. While AI holds promise for enhancing our defenses, it also amplifies the threats we face. Generative AI, capable of creating convincing deepfakes, poses new challenges that require urgent attention.
Can we afford to ignore the fact that threat actors are already harnessing AI-powered language models, such as ChatGPT, to write code? Generative AI empowers even less skilled threat actors to develop new strains and variations of existing ransomware, potentially amplifying the frequency of their attacks. As the future promises an uptick in AI utilization by malicious entities, it is clear that our cybersecurity measures must become even more robust.
Our journey towards digital resilience demands a holistic approach—one that blends regulatory frameworks, technological advancements, and a deeply ingrained security culture. Public-private partnerships, capacity-building initiatives, and widespread education campaigns are vital. As we prepare for major elections and other significant events, the need for cybersecurity awareness becomes even more critical.
Africa’s path to digital resilience is fraught with challenges but overflowing with potential. Fostering a robust security culture, empowering our youth, building a skillset fit for the storm, and bridging the cognitive gap, can transform our vulnerabilities into strengths.
This is not the job of one institution, but all institutions. Without this unified effort, the effectiveness of our initiatives will remain limited, and our progress will be stunted.
