Is Africa heeding the WannaCry wake-up call?
Is Africa heeding the WannaCry wake-up call?
According to cyber security experts, South Africa and the Ivory Coast bore Africa's brunt of the global WannaCry ransomware attacks in May.
Data sourced by Simon Bryden, Consulting Systems Engineer at Fortinet, suggested that after South Africa and the Ivory Coast, Nigeria, Egypt and Algeria were also key targets.
Fortinet said that ransomware has become the fastest growing malware threat and according to tracking analysis, there has been an average of over 4,000 ransomware attacks daily since 1 January 2016.
According to Panda Security, African organisations and governments are no longer immune to the efforts of today's cyber-criminals.
"The drive for profitable attacks by cyber-criminals has seen the number and severity of attacks increase rapidly over the last few years. In the light of these changes, it is imperative that industry stakeholders collaborate and share their knowledge of products and best practices," the company has stated.
At the Cyber Secure Nigeria conference, Jeremy Matthews, Regional Manager at Panda Security Africa, explained that the traditional blacklisting philosophy of AV, based on what is known, worked well in the 90's. However, given the sheer volume of variants and the challenge of trying to stay ahead of new variants, conventional AV alone is not enough.
"In the past few years organisations have moved from having relatively closed networks with clearly defined perimeters to Cloud technologies and multi-device environments, resulting in increased complexity and risk," he added.
Check Point researchers have been investigating the ransomware campaign in detail since it was first reported. The researchers were able to track 34,300 attack attempts in 97 countries. The average pace as of today is one attempt in every three seconds – indicating a slight decline since the original pace registered two days ago, of one attempt per second. The top country from where attack attempts were registered is India, followed by the USA and Russia.
Rick Rogers, Area Manager for East and West Africa at Check Point Software Technologies said, "Although we see it slightly slowing down, WannaCry still spreads fast, targeting organisations across the world. WannaCry is a wake-up call, showcasing how damaging ransomware can be and how quickly it can cause disruption to vital services."
Symantec has observed 24 million malware incidents targeting Africa in 2016. As some malware incidents probably go unobserved, the real number of incidents may be much higher.
In a 2013 report from Symantec, cybercrime was increasing at a faster rate in Africa than any other region.
New guidelines
The Internet Society and the African Union Commission unveiled a new set of Internet Infrastructure Security Guidelines for Africa during the African Internet Summit, currently on in Nairobi until 2 June.
The guidelines are said to be the first of their kind in Africa and those behind its introduction believe it will help the continent create a more secure internet infrastructure and change the way African Union states approach cyber security preparedness.
"They will help AU member states strengthen the security of their local Internet infrastructure through actions at a regional, national, ISP/operator and organisational level," read a statement from the organisations.
Africa's cyber security environment faces a unique combination of challenges, including a lack of awareness of the risks involved in using technology. Kenya was ranked the 69th most vulnerable country (out of 127) in the 2015 Deloitte Global Threat Index. Some of the main reasons are: low awareness, underinvestment, talent shortage and overload of data.
Deloitte further estimates that Kenya lost US$171 million to cybercrime in 2016.
"Africa has achieved major strides in developing its Internet Infrastructure in the past decade. However, the Internet won't provide the aspired benefits unless we can trust it. We have seen from recent experiences that Africa is not immune from cyber-attacks and other security threats. These guidelines, developed in collaboration with the African Union Commission, will help African countries put in place the necessary measures to increase the security of their Internet infrastructure," explained Dawit Bekele, Africa Regional Bureau Director for the Internet Society.
Africa's cyber security environment faces a unique combination of challenges, including a lack of awareness of the risks involved in using technology
"This is another timely milestone achievement given the new security challenges in cyberspace," said Moctar Yeday, Head, Information Society Division, African Union. "The Commission of the African Union will continue its partnership with the Internet Society on a second set of guidelines addressing personal data protection in Africa," he added.
According to ITU ICT Facts and Figures 2016, it is estimated that 25.1% of Africans are now online and despite lower Internet access rates vs. other regions in the world, there has been a sustained double-digit growth in Internet penetration over the past 10 years.
This is due in large part to an increase of mobile Internet and in more affordable smartphones in the market and Africa's young, technology-savvy population. However, to continue to improve access and connect the unconnected, people need to trust the Internet.