Examining Africa’s imperative to strengthen cyber defences

Cybercriminals target African economies in much the same way as their European or North American counterparts. “The numbers show that everyone is being hit equally hard,” said Charl van der Walt, head of security research at Orange Cyberdefense, on the first morning of the summit.

Although the number of cyberattacks in Africa may be slightly lower than in other parts of the world, van der Walt believes this doesn’t necessarily mean that cybercriminals are more actively targeting larger economies than smaller ones. “What we’re seeing isn’t the bad guys saying, ‘Let’s find American companies to hack.’ Rather, they appear to be throwing mud at a map and seeing where it gets stuck, suggesting the aiming is less intentional and more opportunistic.”

Everyone is a target

What van der Walt emphasized, however, is that the landscape appears to be changing. As law enforcement agencies in many of the hardest-hit countries ramp up their crackdown on large cybercrime syndicates, these hackers are quickly looking for alternatives. “Similarly, as the number of criminal groups grows, the market for this type of crime is shrinking,” he says. “This, too, is driving criminals to look elsewhere.” With that in mind, it’s inevitable that hackers will come for smaller economies like those in Africa.

Jonas Bogoshi, CEO of ICT company BCX, also said at the event that this trend is of great concern. According to him, 0% of major board members in South Africa have cybersecurity experience, while only around 8% have some understanding of social networking and digital technologies. This is in contrast to large CIOs at Fortune 500 companies, of which 8% have cybersecurity skills and 40% have digital technology expertise.

Everything is a goal

As more companies adopt digital means of interacting with their customers and use technology to transform business models, an increase in cyberattacks is expected, as well as an evolution in the methods and types of assets these cybercriminals attempt to steal. “When the physical world and the digital world come together, everything we do online is under threat,” Bogoshi says, citing how a ransomware attack accessed and encrypted a local radio station’s entire content library.

Another phishing attack targeted the minutes of a board meeting of a major South African manufacturer as the company was conducting extensive M&A activity. As hackers get smarter, not only do they steal data, they also analyze the stolen information to identify various assets that they can use to further blackmail victims. All too often, we are vulnerable to attack when we don’t know what your assets are and therefore don’t put in place the necessary processes and procedures to secure them, added Paul McKay, senior analyst at Forrester.

So what to do? van der Walt suggests that community-led initiatives like a cyber neighborhood watch could be the answer. These partnerships should be between a wide range of different actors, from security professionals to governments that want to make our digital world safer. It is about organizing a group of people affected to try to solve the problem together. And others agree.

Phillimon Zongo, CEO of the Cyber ​​Leadership Institute in Australia, and Sandro Bucchianeri, Group CSO at NAB Australia (formerly Absa’s Group Chief Security Officer), who also attended the event, described cybersecurity as a community effort. “Given the complexity of cybersecurity, it’s pretty tempting for cyber executives to think they know everything, but the days of the lone wolves are over,” Zongo said. “Cybersecurity has to be a team sport,” said Bucchianeri. “It’s extremely important to make sure you have enough players on the field,” he adds, adding that there really is safety in numbers.

The right support structure

Unfortunately, more than half of cyber leaders worldwide are finding it difficult to respond to current challenges due to skills shortages. “Cybersecurity is actually quite simple,” says Bucchianeri. “You have to get the basics right and execute your plans well. While I understand that this can be difficult to pull off when you have limited resources, you need to focus on what you can do to push the wheel as far as possible.”

When it comes to securing corporate adoption and ensuring that cybersecurity efforts align with broader business objectives, the suggestion that cybersecurity is a team sport is even more important. “The challenge for cyber leaders is learning to communicate the importance of cybersecurity to those who don’t fully understand the risks,” Zongo said. “If the CFO or some other non-technical executive doesn’t understand a cyber risk report, it’s unlikely that others will understand it either.” So if you articulate the risks well, the resources will flow to efforts and initiatives to address those risks .

Today, cyber leadership is fraught with challenges. But the security leaders driving lasting change have done so by avoiding unnecessary jargon, developing good relationships with key business stakeholders, and understanding that the measure of effective security depends on the well-being of others. “If you want to go fast, go alone. If you want to go far, go together,” said Bucchianeri, citing a well-known African proverb. “This is one of the most important things you can do to make your cybersecurity program a success.”