With the Covid-19 pandemic upon us, African nations are now heavily dependent on technology and digitalisation to transform their economies, reduce unemployment, curb crime and corruption, enable continental collaboration and more.
Governments and enterprises have started investing heavily into information and communication technologies (ICT), internet of things (IoT) and operational technology (OT)-related projects and upgrades.
But cyber security still remains an afterthought. And this is exactly what cyber security criminals are capitalising on as the number of cyber risks, threats and attacks have constantly been on the rise across Africa.
In October 2020, Uganda’s telecoms and financial services were plunged into crisis due to a major cyber hack that compromised the nation’s mobile money network, which had significantly grown during the coronavirus pandemic. It is estimated that at least US$3 million was stolen in that incident, in which hackers used around
2 000 mobile SIM cards to gain access to the mobile money payment system.
A previous attack had happened in June 2020, in which the second-largest hospital operator in South Africa was hit by a cyber attack in the midst of the Covid-19 outbreak, paralysing the computerised
6 500-bed private healthcare provider, forcing them to switch to manual back-up systems.
Cyberbsecurity analysts in Kenya discovered a total of 37,1 million cyber attacks in the fourth quarter of 2019, which is a 47,2% increase when compared to 25,2 million cyber threats detected in the third quarter of the same year. It is suspected that in 2021 these numbers would double.
In light of increased attacks, countries like Nigeria, Ghana, Kenya, Uganda, South Africa, Mauritius and Egypt are continuously enhancing their cyber-security policies, laws and regulations. These countries have sounded the alarm to businesses and citizens, urging them to improve security measures.
But most countries across Africa still lack a dedicated public cyber security strategy. As a result, all cyber security initiatives relating to Covid-19 have been mostly led by the private sector and associations on the continent. These are rarely enough, as it is a long hard grind for most companies just to cope with the business impact of the pandemic on their day-to-day activities and still a lot has to be achieved.
To address these vulnerabilities in the context of heightened cyber attacks, Africa needs a coordinated and dedicated commitment to cyber security at a time when governments and organisations are already strained by the health and economic consequences brought about by the Covid-19 pandemic.
African states and regional bodies have taken initial steps towards implementing a continent-wide strategy to improve cyber-resiliency, but the vulnerabilities exposed by the Covid-19 pandemic requires these efforts to be accelerated by building the institutional and coordinating mechanisms to better mitigate cyber security threats.
At the Gulf Information Security Expo and Conference 2021 (GISEC2021) some of the questions being asked include:
l What are your country’s or company’s cyber security priorities?
l Are you aware of the different tactics, techniques and procedures used by cyber criminals? and
l Do you need a partner to help implement proactive and reactive controls to enhance your overall security posture?
The African continent, agencies, companies, institutions and civil society must not only pay lip service to their commitment to cyber security, but should work closely with local and international partnership towards the shared objective of their electronic borders, protecting citizens, businesses, and their organisations in this digital age.
This is imperative to protect and prevent more damaging cyber security attacks, which are on the heels of the Covid-19 pandemic, that have devastating impacts on the continent’s infrastructure and services.
Mutisi is the Zimbabwe Information and Communication Technology chairperson, a division of Zimbabwe Institution for Engineers. He presented this paper at the Gulf Information Security Expo and Conference (GISEC2021), held between May 31 and June 2 at Dubai World Trade Centre.