Cybersecurity has risen to become a national concern as threats are taken now more seriously. Africa has been among the fastest growing regions in terms of cybercrime activities to the extent that the continent is considered as a source of significant cyberattacks targeting the rest of the world.
According to the British consulting firm Ovum, a billion people in Africa will have Internet access by 2022. Analyzing the trend of cybercrimes across countries back in 2013, analysts have suggested 10–15% Internet penetration as the threshold level for the generation of significant hacking activities. Today, internet penetration rates in many African economies have already reached this level. Bulent Teksoz of Symantec Middle East noted, “Cybercrime is shifting towards the emerging economies. This is where the cyber criminals believe the low-hanging fruit is”. Unsurprisingly, many African economies have become important sources as well as victims of cyber-threats.
Attacks range from simple email scams to large-scale theft of customer data using malware, ransom attacks and disinformation or fake news. These can have wide-ranging effects, including financial losses, reputational damage, and disruption of business and government operations. Moreover, Africa is witnessing the emergence of cyber criminal gangs available for hire – globally. Renting their “know-how” to extort ransoms or provide another tool in the armory of terrorist groups such as al-Shabaab and Boko Haram. The Islamic State, it has been extensively reported, is already honing its cyber skills. Senior figures from the National Prosecuting Authority in South Africa say they are aware of at least a dozen of such criminal networks for hire within the country.
In South Africa, around 570 suspected cyberattacks happen each second. In a continent of 1.2 billion people, where hundreds of millions of citizens will go online in the next three years, the scale of future risk from abuses is clear. This is why it is imperative to implement cybersecurity regulations to try to reduce this number.
Cybercrime and Cybersecurity: The Nigerian legal landscape
According to the Cybercrimes (Prohibition, Prevention, etc) Act 2015 (the “Act”), any person, who without authorization or in excess of authorization, intentionally accesses in whole or in part, a computer system or network, with the intent of obtaining computer data, securing access to any program, commercial or industrial secrets or confidential information, commits an offence. The Act also makes it an offence for any person to engage in damaging, deletion, deteriorating, alteration, restriction or suppression of data within computer systems or networks, including data transfer from a computer system. Finally, the Act criminalizes such other cybercrimes as: system interference, electronic theft, spamming, spreading of viruses or malware, identity theft, phishing, and denial-of-service-attacks.
One of the most important Nigerian regulations on cybersecurity is the Central Bank of Nigeria's Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers (“the Guidelines”), which provide a risk-based approach to managing cybersecurity risks.
Among other things, the Guidelines mandate every company which fall under the payment service providers category to: adopt cryptographic controls such as public key infrastructure, hashing and encryption to guard confidential and sensitive information against unauthorized access; develop a data loss/leakage prevention strategy to discover, monitor, and protect sensitive and confidential business and customer data/information at endpoints, storage, network, and other digital stores, whether online or offline; and identify vulnerabilities in their assets by engaging professionals in this field to conduct Penetration Tests annually.
There is also the new Nigeria Data Protection Regulation which, among other things, regulates how data can be harvested, stored, and processed.
Moreover, foreign multinationals have also worked with local organizations to help consumers understand cybercrimes and help develop ethical standards. For instance, Microsoft teamed up with Paradigm Initiative Nigeria (PIN) to educate Nigerians on cybercrimes and to create economic opportunities.
FBI and Nigeria intensify investigations into cybercrime
On another note, Nigeria’s anti-corruption agency has collaborated with the FBI and announced that they have stepped up their joint operations against Nigerian cybercrime networks.
A “significant number” of the 77 cybercrime suspects identified by the FBI and transmitted to Nigeria were arrested during operations from May to September, according to the Nigerian Commission of Economic and Financial Crimes (EFCC).
A further 167 Nigerians, suspected of other computer fraud, have also been arrested since August.
“Our EFCC/FBI coordination efforts have achieved extraordinary results,” said EFCC spokesman Mohammed Abba at a joint press conference in Lagos with FBI representative Ahamdi Uche.
Abba said that during these operations, sums in cash, in dollars and nairas (Nigerian currency), were also found for a total amount equivalent to 383,000 euros.
Nigeria is notorious for being one of the countries with the most cybercriminals in Africa.
The FBI and the Nigerian authorities, as well as those of other countries, began working closely together in May to combat cybercrime and its networks, active in the United States.
Despite the big steps Africa is taking to secure all its sector, African businesses remain vulnerable to cyber crime. So what should businesses be doing to face these mounting concerns? Of course investing in innovative new technologies can help protect data integrity and address security threats as well as investing in technology that can identify vulnerabilities in IT infrastructure before cyber criminals strike, and investing in surveillance technologies. However, African businesses must raise more awareness about cybersecurity and most importantly, young Africans should explore more the cyber security space. Governments should develop and harness the talents of young people because the rise in cybercrime and reliance on the digital world will see a huge demand for a cybersecurity workforce, which is expected to rise over the next few years.
Lead Convener of NaijaSecCon 2019 Cybersecurity Conference, Rotimi Akinyele, disclosed that Naija Sec Con has an objective to establish a hub where students from across Nigeria can come for internships and get nurtured by experts, who will place them on the right track. With the hub, according to him, the skills acquired will be utilized properly and not for fraudulent activities.
In brief, cyberattacks targeting, as well as originated from African economies, are rising rapidly. However, there are many positive and encouraging signs. Cybersecurity legislation and enforcement measures in the continent are gradually improving. A variety of private sector initiatives have arisen that will help to strengthen the continent’s cybersecurity landscape.