Africa’s threat landscape has changed … and it’s getting more serious
This year cyber security experts have warned that Africa’s cyber threat surface continues to increase and the continent remains as susceptible to cyber risks as its overseas counterparts. In September, Liquid Intelligent Technologies released the Cyber Security Report 2021 which affirms that remote working has increased the risk and that 90% of IT decision-makers across Kenya, South Africa and Zimbabwe have amplified focus on cyber security.
The threat landscape has changed and changed significantly, according to cyber security experts.
The study established some of the main concerns about cyber security threats and the most significant impacts of digital breaches on an organisational level.
A critical insight from the research suggests that 79% of businesses from all three countries attribute an increase in cyber security threats to the advent of remote working.
Data breaches like data extortion, data leakage and data disclosure constitute almost 71% of the cyber-attacks for Kenyan businesses, and over 70% of South African and Zimbabwean organisations consider email attacks like Phishing the most prominent digital threats.
The participants from the research also indicated an increased consumption of Cloud-based services this year, with the numbers being as high as 96% in South Africa, 95% in Kenya and 75% in Zimbabwe. This comes from a jump in Microsoft Office 365, Teams, Zoom, Google Workspace, Microsoft Azure, and Amazon Web Services.
Consequentially, Cyber Security threats and concerns seem to be spiralling up as the workforce continues to shift to working through digital platforms. According to the research, managing user access to information, data loss and recovery, visibility and control of data, and compliance challenges remain some of the biggest concerns for organisations. Almost 80% of organisations that participated in this research from Zimbabwe, South Africa and Kenya agree that Cyber Security threats have increased over the past year.
When segmented by respondents working specifically in large enterprises, the research permitted a more informed audience and knowledgeable opinions. According to the study, an emerging trend for 2021 is that 53% of the respondents emphasise security and data protection as significant concerns.
Some of the biggest security concerns cited by businesses using Cloud services are managing user access to information, data loss, recovery and lack of security controls made available by Cloud providers. The research also pointed out Email attacks, Web-based attacks, Social Engineering, Malware, Ransomware and Data Breaches to be the top concerns around Cyber Security in 2021.
Ignus de Villiers, Group Head of Cyber Security, Liquid Intelligent Technologies, says, “The result of our research confirms that Cyber Security should be at the centre of every business conversation and emphasises the need to establish an appropriate Cyber Security Framework that matches the business environment. Critically, the framework must look beyond technical security controls to include information security management covering governance, risk, compliance, people, processes and technology”.
Africa cannot be ‘weakest link’
In June this year, during ITWeb Security Summit 2021, Abdul-Hakeem Ajijola, chair, African Union Cyber Security Expert Group, said listed the growing need for user awareness as one of the challenges. This includes passwords, remote end points, cyber hygiene updates, and user behaviour regarding opening suspicious files or links.
“This is really the foundation of cyber defence, arguably can be considered as one of the components of contemporary national security. Addressing cyber multi-threats requires a global multi-stakeholder collaboration... No one country, no one organisation, no one person can do it alone. Part of our concern is that we in Africa shouldn’t be the weak link, because once you have a weak link, it undermines the global value chain.”
Although Africa is not necessarily considered a focus area for the more sophisticated types of cybercriminal activity such as targeted attacks or advanced persistent threats (APTs), the continent is certainly not immune to these or other types of cyber risks, warn Kaspersky researchers.
According to Kaspersky research, in 2020, worldwide, approximately 10% of computers experienced at least one malware attack.
It showed that in some African countries, including South Africa, the figure was only slightly under the global 10% average, making the African region comparable to that of North America or Europe in terms of cyberattacks.
On some parts of the continent, in countries like Liberia Tunisia, Algeria and Morocco as examples, Kaspersky has seen a slightly higher rate, while other parts show a lower rate – a 5% or 6% average. For the first quarter of 2021, the figures are only slightly lower than 10%, both in relative and absolute terms.
From a Liquid Intelligent Technologies point of view, de Villiers added that COVID-2019 served as a catalyst that pushed businesses to transform themselves overnight. “While the digital transformation has brought many new opportunities, as we have seen from the results, a significant increase in cyber attacks and the threat landscape has changed significantly.”
Dr Craig van Rooyen, Chief Commercial Officer of Liquid Intelligent Technologies, South Africa, added: “Different customers are giving us different statistics across various segments. About 640% increase as a percentage is the number that’s been flouted by customers at the moment, and most of them are actually due to phishing, and that’s been exacerbated by the COVID-19 pandemic. Typically, the feedback that we are getting from customers are that cyber criminals – particularly in South Africa - are exploiting the situation or the lockdown situation and that’s mainly because people are working flexi time, working from home. They’ve given us feedback that hackers are taking advantage of the attack surfaces that is being presented to them at this time.”
Richard Muthua, Head of Solutions and Corporate Sales, Liquid Intelligent Technologies, Kenya, said there are a huge number of people working from home. “As more people work from home, control is becoming more difficult. And we are finding that organisations are struggling to control how people work from home, how they are using the devices that are either provided by the business, their companies, or their own personal devices connected to the enterprise network to work. Companies are finding themselves more exposed. There is an absolute need for staff awareness and training.”