As individuals around the world increasingly embrace digital platforms, the focus on cybersecurity has increased. For developing economies with weaker security protocols, going digital means they could constantly be susceptible to cyberattacks.
Policies like the European Union’s General Data Protection Regulation (GDPR) and the National Data Protection Regulation (NDPR) of Nigeria’s NITDA were put in place to protect individuals and organisations from cyber threats, among other things.
According to a 2019 report by IT services and consulting firm, Serianu, Africa lost an estimated $3.5 billion to cybercrime in 2018, up from $2 billion in 2017.
Of the countries surveyed, Nigeria was the hardest hit with losses of $649 million, followed by Kenya with $210 million, and Tanzania with $99 million.
The report points out that these losses were byproducts of increased digital adoption and the neglect of necessary security protocols by companies across different sectors in Africa.
Mr Vipin Chawla, Chief Technology Officer, Eat’N’Go Limited; Mr Opeyemi Okesola, Deputy Chief Information Officer, African Alliance Insurance; and Mr Dele Adeyemo, Group IT Manager, Dufil Prima Foods Limited, discussed this in a panel session during the 2020 Cyber Africa Summit in Lagos.
All panellists unanimously agreed that most companies, especially those in Africa, usually spend more after a security breach rather than before.
Adeyemo of Dufil Prima Foods reveals that cyberattacks are still regarded as distant from Africa by most companies and in the event of an attack, the details are not revealed.
According to Pratik Roy, Business Group Director, Security & Modern Workplace, Microsoft, companies only recently made cybersecurity a priority and are beginning to put technologically advanced systems in place to protect themselves.
However, while companies put up firewalls to guard against cyberattacks, Roy believes that more than just firewalls and advanced processes are needed to truly prevent cyber threats.
Humans, firewalls and cyberattacks
Between technology, processes, and humans in an organisation, Roy and other panellists chose humans to be the weakest link in any security system, especially those with insufficient knowledge of cyber threats and protocols to follow when using digital devices.
Roy believes that regardless of the strength of the firewall or the skill of the cybersecurity specialist, cybercriminals can break through by targeting non-IT individuals in an organisation that are unfamiliar with their tricks.
According to KnowBe4’s African Cybersecurity Research Report (PDF), a survey of 800 persons across South Africa, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius, and Botswana seems to reveal that many Africans are not prepared for cyber threats.
From ransomware to phishing to malware and credential theft, KnowBe4 concludes that most users do not protect themselves adequately because they erroneously think they’re informed, ready, and prepared for such threats.
About 55% of the respondents believed that they would recognise a threat when they see one, and while a majority of them expressed concerns about the risk of cybercrime, they were comfortable giving away their personal information once they understood what it was being used for.
However, KnowBe4 reveals that phishing scams now use any necessary means such as phone calls and emails from supposed “trusted sources” to get valuable pieces of personal information.
Cyber threats such as phishing, ransomware, Trojan Viruses, and drive-by downloads are concepts that the average employee in an organisation may not be familiar with.
According to Misty Malan, Lead Channel Manager for KnowBe4, it is important that organisations train all their employees, especially those in non-IT roles, on issues of cybersecurity.
“The knowledge of cyber threats and how to avoid them should no longer be limited to just developers or IT professionals since hackers could exploit weak links anywhere in the organisation,” says Malan.
Microsoft’s Roy insists that organisations can always stay a step ahead by leading with security first, whenever a project is being embarked upon.
“Threat perception will keep changing as cybercriminals continue to create more complex means to launch attacks. It is then important that the organisation constantly updates its method of detecting, identifying, and responding to cyber threats,” says Roy.
As a precaution, Roy advises companies to obtain cyber insurance in order to mitigate the effects of cyberattacks, if/when they happen.