Sophisticated malware, software security breaches, mobile scams—the list of cybercrime threats is growing. Yet African nations continue to fall short of protecting themselves and must constantly grapple with the impact.
A new study from IT services firm Serianu shows the pervasive nature of cybercrime across the continent, affecting businesses, individuals, families, financial institutions, and government agencies. The study shows how weak security architectures, the scarcity of skilled personnel and a lack of awareness and strict regulations have increased vulnerability. Cybercrime cost the continent an estimated $3.5 billion in 2017.
The report found more than 90% of African businesses were operating below the cybersecurity “poverty line”—meaning they couldn’t adequately protect themselves against losses. At least 96% of online-related security incidents went unreported and 60% of organizations didn’t keep up to date with cybersecurity trends and program updates. (In addition, at least 90% of parents didn’t understand what measures to take to protect their children from cyber-bullying.)
Many official agencies didn’t know the extent of the digital risk they faced even as governments, including Kenya and Tanzania, have been automating services—making them prime targets. Dozens of sites belonging to the Kenyan and Nigerian governments have been hacked in recent years, highlighting their vulnerability. Last year, 50 students from one of Africa’s oldest universities, Makerere in Uganda, were removed from the list of graduates amid allegations of grade-tampering. Banks and internal-revenue authorities are getting hit the most, especially through their web apps.
The report says outdated systems must be upgraded and more employees and individuals need training. Contracting firms and vendors need to be monitored to prevent the introduction of further risks. And dealing with cybercrime will continue to be problematic: Even though the cyber security market will be worth $2 billion by 2020, Africa has yet to produce a single commercially viable cybersecurity product or solution.