Ground patrol means everything in Africa's IT security
Ground patrol means everything in Africa's IT security
Africa is not immune to IT security threats. Countries like Botswana, Nigeria and South Africa have made headlines this year because of their prominence on security threat indexes and check systems used by IT security vendors to track threat levels and attacks.
Digital security red flags seem to be springing up on the continent. In April Nigeria was reported to be losing in the region of 1% of its GDP (approximately NGN127-billion) to cybercrime. Cyber security specialists in Botswana have also voiced their concern over the lack of preventative measures and steps to strengthen information security control taken by both the public and private sectors.
South Africa is understood to have climbed up the rankings of countries most vulnerable to cybercriminals, with more businesses said to be approaching security services providers for help with increasing rates of ransomware.
Most recently global operator in security software and solutions Trend Micro Incorporated announced its collaboration in the arrest of the head of an international criminal network suspected of stealing more than US$60 million through business email compromise (BEC) scams and CEO fraud.
It is not surprising that Africa would feature prominently in the service delivery and customer engagement strategies devised and enforced by IT security companies.
What may not be too well known, though, is the somewhat unique approach taken by these companies to engage the continent – given the continent's diverse population and geographic range.
Digital security solution and services specialist ESET is a good example. ESET Southern Africa and ESET East Africa are two strategic but separate silos, the former responsible for South Africa and Namibia, the latter for the rest of sub-Saharan Africa.
ESET East Africa is entirely focussed on key markets including Kenya, Mauritius and Zimbabwe, but its mandate is to serve the broader East African region.
Alistair Freeman, CEO of ESET East Africa, explains the strategy in more detail. "In terms of strategy let me take Kenya as an example - we now have two people working in Nairobi and they have a much better feel of how the market works and what the market needs in terms of internet security. From a Kenyan perspective they now have a local support team and they feel a lot more comfortable with that than calling South Africa for support."
Freeman emphasises the importance of being present in the regions a company services, especially in terms of software distribution. "Since we have been focussing on these regions we have seen a big uptick in revenue. We are doing a lot of visits to each of the countries, meeting partners and understand their pain points etc. Software distribution like most business, is about a strong product but, very importantly, it is about personal relationships and strong support."
While some businesses have previously taken on the Africa market and not lived to tell the tale, there are those that have adapted quickly, channelled the benefit of 'on the ground presence' and successfully tapped into the opportunities within emerging markets.
Freeman says local presence and being on site to offer the necessary support has helped the company secure valuable larger enterprise deals. "To date the bulk of our client base is the SME market. Whilst we have put a lot of effort into the enterprise space, we are only now starting to see an uptick in sales and this is in the East African market. We attribute this to local presence."
Solution to challenges
According to ESET, many businesses within the emerging market (especially SMEs) are looking to secure the best protection but lack the technical expertise to manage a complex installation and ongoing configuration. These businesses also require systems that require minimal resource utilisation and are able to integrate with older hardware and legacy systems.
Although the scarcity of skills, cost and available budget continue to impact on technology investment, however, the reality is that there is a growing interest in risk and solutions.
"Cost and more specifically budget is much bigger issue in some of our regions where their local economy has taken a significant downturn in recent times. They just don't have the same level of budget allocated to internet security. Having said that there are a number of countries including Kenya, Rwanda and Ethiopia where there is a growing focus on cybercrime and with that we are seeing much bigger budgets being allocated. Resources are there as well but it requires time – you need to embed yourself in the market to understand what types of local resources you need – it is not just a case of hiring and air-dropping them in a country - they need to be local, they need to be skilled in internet security – it is something we are doing on a phase by phase basis starting with Mauritius and Kenya," Freeman continues.
Threats to Africa's business networks and end-users continue to escalate. In May this year ESET South Africa quoted a Data Breach investigation report by Verizon which stated that over a period of a year, it recorded a 16% increase in ransomware attacks.
Moreover, according to a worldwide cybercrime survey conducted by market research firm Columinate, South Africa is the third highest cyber crime hotspot globally.
"Yes cybercriminals are getting more ingenious and you certainly need to be adding a lot more to your layered stack of security measures but antivirus is a necessity. Beyond that a key factor is the "human risk" and the need to ensure your staff is well trained and understand the risk related BYOD, Social media, spear-phishing and social engineering. On the software side the area with the most growth other than AV is certainly backup and disaster recovery. With the focus on data and risks like ransomware, the need to be up and running in the event of a disaster is becoming key," says Freeman.
He adds that while ransomware frequently makes headlines, the bigger risk is corporate and personal data, and the fact that most people access the internet via mobile devices.
"Very few of these devices have protection from cyber criminals. Further the users are very active on social media and very often use their devices for corporate purposes as well (BYOD), as well as doing the majority of their financial transaction on their phones. For me the mobile phone and the lack of awareness of mobile phone users is the biggest issue to be dealt with," he says.
Looking ahead, ESET plans to pursue its individual country approach and, where it makes sense, will regionalise its support. "Further down the line the west African market is an obvious region to explore in more detail," Freeman confirms.