logo

Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa

Conference:  BlackHat USA 2020

2020-08-06

Summary

Building cybersecurity strategies for emerging industries in sub-Saharan Africa
  • Sub-Saharan Africa lacks specific data on the cybersecurity industry
  • Effective policies must be implemented to address the distinct operating environment of the region
  • Local cybersecurity practitioners should develop open source or affordable tools for the local market
  • A more sophisticated and organized cybersecurity system is required to curb existing and emerging threats
  • Encouraging more professionals to join the industry and work together to build it
In sub-Saharan Africa, there is a need to adapt available resources and formulate comprehensive regulatory policies that would better govern the cybersecurity ecosystem in the region. The lack of specific data on the cybersecurity industry makes it difficult to come up with proper strategies. However, local cybersecurity practitioners have developed open source or affordable tools such as the mth3l3m3nt for web app pentesting and MARA framework for reverse engineering, which can strengthen the security stature of the region. Encouraging more professionals to join the industry and work together to build it is also crucial.

Abstract

The increase in cyber attacks in sub-Saharan Africa has become an issue of major concern for the region and its people. With the increase in use of digital technology, cyber security is becoming a critical aspect of the day-to-day lives of individuals and organisations. A 2019 report by The World Economic Forum placed cybercrime as one of the three greatest threats in Africa.Sub-Saharan Africa is well connected to the global economy with regard to commerce and finance. This means that the cyber threats affecting the regions with both local and international origins should be put into consideration with the onset of every new technology. Globally, Africa has been geographically segmented with the Middle East in the cyber security market. However, there is a big divide in the adaptation of technology and cyber security between sub-Saharan Africa and North Africa/The Middle East.A report based on IDC's Sub-Saharan Africa CIO survey of 2019 estimates the total sub-Saharan ICT market to grow from $95.4bn in 2020 to $104.2bn by 2023. According to the same report, technologies such as cloud, social media and big data are some of the key areas of growth in 2020.As the use of technology has become widespread across the region, Sub-Saharan Africa experiences a great many cyber attacks annually, both attacks that are seen in other parts of the world but also attacks that are specific to the region.A study conducted by the International Data Group connect shows that sub-Saharan Africa's economy has been hard hit by cybercrime. The data shows that cybercrime costs South Africa an estimated $573m annually with Nigeria and Kenya losing $500m and $36m respectively. Seen in proportion to GDP of the countries, this represents tremendous sums lost to cybercrime. While these figures show the size of the problem in this part of the world, 96% of African organizations set an average annual budget of $5,000 for cyber security. Pan-African Cybersecurity and Business consulting firm Serianu ranked banking sectors and government as the most targeted by cyber criminals.Cyber crime in Africa has been on a rapid increase compared to the rest of the world with an estimate of 80% of personal computers being infected with some kind of malicious software. One of the most affected industries in sub-Saharan Africa is the financial sector. Globally, Africa leads in the use of mobile money transfers with an estimated 14% citizens receiving money through mobile money transfer like Kenya's MPesa. With sub-Saharan Africa hosting some of the biggest mobile money transfer services, mobile money has over the years been a primary target for criminals. Some of the threats that have affected the mobile banking industry are social engineering and reverse engineering of mobile money apps for malicious purposes. A lot of mobile money users and providers have been immensely affected by criminal activities targeting the platform.With cybercrime on the rise, Sub-Saharan countries lack proper legislation, such as cyber laws, to govern the cyber space thus creating a permissive environment for cyber criminals. Most countries in the region struggle to implement cyber security measures due to budgetary concerns and the small number of skilled cyber security practitioners.Some of the common challenges faced in the cyber security industry in sub-Saharan Africa include:High cost of cyber security toolsLimited security budgetsUse of pirated versions of cyber-security solutionsAbsence of adequate tools to provide accurate dataGrowing cyber threat owing to 5G deploymentOver-dependence on cloudIn order for sub-Saharan Africa to realize its full potential in cyber security, effective policies have to be implemented. Solutions designed must be geared toward the distinct operating environment of the sub-Saharan region. The question of cost is an inescapable facet of any technology implementation, even more so in the African context. Local currency values tend to be volatile thus depending on foreign solutions might be costly compared to the amount local companies can afford to budget for cyber security.Encouraging local security practitioners to develop open source or affordable tools that will work for the local market. Tools such as the mth3l3m3nt for web app pentesting and MARA framework for reverse engineering which were both designed by Kenyan cyber security practitioners can strengthen the security stature of the sub-Saharan region.As the technology grows complex and diverse by the day, so does the surface for malevolent exploitation. Sub-Saharan countries however, continue to emulate technologies, policies and strategies implemented by more developed countries. These fall short in addressing needs specific to the threat landscape in the region thus creating a need to adapt available resources and formulate comprehensive regulatory policies that would better govern the cyber security ecosystem in the region. A more sophisticated and organized cybersecurity system is required in order to curb existing and emerging threats. Our goal is to examine how sub-Saharan Africa can exploit existing skill sets and resources to create a system that works for the region.

Materials:

Tags: