African data breaches: A look at the evolving threat landscape
The past year has seen rapid growth in the demand for internet access across Africa. As in the rest of the world, the pandemic extended its grip into all corners of the continent, and more people than ever were forced to work remotely. This resulted in more people than ever connecting to the internet — 43% of the total African population of 1.37 billion, according to the InternetWorldStats website.
Unfortunately, weak networks and a lack of robust cybersecurity policies and enforcement, coupled with explosive demand for access and services, present a ripe target for cybercriminals. The cost implications are dramatic. Kenyan cybersecurity company Serianu estimated that the cost to African GDP (gross domestic product) was in the region of US$4.1 billion in 2021.
The African Union Mechanism for Police Cooperation (AFRIPOL) studied the African cybercrime landscape and pinpointed the five areas of greatest concern on the continent:
Ransomware: Cybercriminals shut down critical computer systems of businesses, hospitals and public institutions, then demand payment, usually in the form of cryptocurrencies, to restore functionality;
Botnets: Attacks in which networks of compromised machines are used to automate large-scale cyberattacks.
Online scams via phishing: Fake emails or text messages from apparently legitimate sources which are used to trick individuals into revealing compromising information;
Digital extortion: Victims are tricked into sharing sexually compromising images which can then be exploited for the purposes of blackmail;
Business email compromise: Sophisticated cybercriminals gain access to email systems to steal information about corporate payment structures, then find ways to trick employees into transferring money into the hackers’ bank accounts;
“We are witnessing an upsurge in activities related to Cybercrime, especially in this COVID-19 pandemic period,” writes Tarek Sharif, executive director of AFRIPOL, in the agency’s recent African Cyberthreat Assessment report.
“The loss of jobs related to this pandemic and the low economic growth recorded has opened up opportunities for criminal organizations. Hence the special attention that the African Union Commission is paying to the fight against all forms of organized crime: money laundering, transnational crime and cybercrime,” Sharif said.
Despite some rays of light emerging, the bad news still seems to outweigh the good. In 2021, “South Africa had 230 million threat detections in total, while Kenya had 72 million and Morocco 71 million,” according to AFRIPOL.