Data leakages, insider threats, malicious emails and targeted attacks continue to seriously impact business security in Sub-Saharan Africa (SSA), yet only about a third (17) of Africa’s 54 countries have completed a national cybersecurity strategy.

This is according to the Impact of Cyberextortion on Africa report released by KnowBe4 and IDC in June 2022.

The report revealed a complex cybercrime landscape in SSA, with the top threats facing organisations in the region in 2022 identified as data leakage (61%), insider threats (43%); targeted attacks using phishing (37%); cloud-related attacks (34%); and ransomware attacks (30%).

The top five global threats are business email compromise, cloud misconfigurations, software supply chain attacks and non-compliance. Phishing or social engineering attacks remain the second most common type of cybercrime and are evolving in terms of technique and success rates.

These challenges are influencing security strategy for organisations going forward with 43% focusing on security for cloud migration, 40% on strengthening secured access for a distributed workforce, and 36% focused on strengthening customer trust in digital services.

According to research these threats are compounded by budget constraints and that nearly 60% of SSA organisations plan to increase connectivity and IOT use cases over the next 12 months.

Growing investments into cloud, Internet of Things (IOT), connectivity and digital solutions increase the risks alongside the digital benefits, the company and research organisation said.

They stated: “The volume of threats facing organisations in Africa has grown exponentially over the past few years and there is a clearly visible linear relationship between the continent’s gross domestic product (GDP) and cybercrime – as one increases, so does the other, yet only about a third (17) of Africa’s 54 countries have completed a national cybersecurity strategy. This opens up the threat landscape considerably and puts organisations at greater risk.”

Data security maturity

According to the report, 56% of organisations in SSA are in the first two stages of data security maturity which means that many are still struggling to find their security footing in this shifting landscape.

“A lot like trying to find balance in the middle of an earthquake, cybersecurity threats are keeping decision makers and security teams off balance, particularly in light of skill-shortages, budgets and increased regulatory complexity,” the research added.

Anna Collard, SVP of Content Strategy and Evangelist of KnowBe4 Africa.

Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, said, “Chief Information Security Officers (CISOs) are struggling to find competent staff that can handle the security alerts they receive while also keeping up with data protection regulations, and building networks capable of withstanding the cyberthreats. In addition, one out of every three companies believes that there is insufficient integration between security and IT teams with 30% saying that hiring and retaining security skills is a challenge.”

Cyberextortion is lucrative. And cybercriminals don’t expect much retaliation from African states, Collard continued.

“This means it is unlikely to stop and very likely to become even more prevalent on the continent. Organisations have to focus on security investments and strategies that will allow to combat this threat with more agility and resilience. This means prioritising a defence in depth model with cloud security; privacy and compliance; choosing the right security service providers and building a security culture among both decision makers and employees.”