Rising cyber attacks threaten digital progress

East African countries have the highest rate of cyber attacks in Africa, according to the latest Africa Cyber Security Outlook 2022 report by KPMG.
This is attributed to the rise in cashless payments and remote working after the Covid-19 pandemic.

According to the survey, 31 percent of the respondents from East Africa report that their organisations have been victims to cyber attacks.

This is largely pegged to the rapid development and adoption of digital technology across business sectors with limited expertise and awareness around technology and digital infrastructure.

The most affected sectors were financial services, energy and natural resources, and information communication technology.

The increase in cyber incidents is largely driven by various factors such as monetisation of cyber attacks, the attractiveness of personal information assets for syndicates, easy access to cyber attack tools, credential sales by initial access brokers, and availability of ransomware-as-a-service offerings.

According to the Verizon Data Breach Investigations Report (DBIR) 2021, the global uptrend in cyber incidents is primarily driven by organised crime perpetrators acting out of financial motivation, followed by admin-orchestrated and state-affiliated threat actors.

The recent global crisis involving Russia and Ukraine could further propel cyber attacks as the war extends to the cyber-physical space, potentially leaving collateral cyber damage in its wake.

The report revealed that the top threats faced by African companies were business email compromise, according to 26 percent of respondents, 17 percent cited ransomware, 15 percent noted data leakages, and five percent pointed out supply chain attacks.

An estimated 2.5 quintillion bytes of data is being generated every day across the globe. This shows that hackers now have access to more sensitive data, with increased attack surfaces.

The shift of the economy to a remote and hybrid working culture is also prompting cyber criminals to attack the potentially weaker network and endpoint defences.

In addition, according to an Interpol report, African businesses continue to face cyber threats in the form of online scams, digital extortion, business email compromise, ransomware, and botnets.

While East Africa has the highest adoption of digital transformation, with 89 percent of organisations undergoing digital transformation, it also has the largest proportion of cyber-attacks among the African regions.  

“While 39 out of the 54 African countries have established cyber security legislation, Africa’s adoption of cyber security policies and regulations stands at 72 percent, which is the lowest across the globe. This, together with the outcomes of our research indicates that there is a very real need to rapidly advance agile cyber security measures to enhance risk resilience and enable organisations to harness new opportunities for revenue growth and business success, while ensuring business continuity,” Mr John Anyanwu, partner and head of cyber security at KPMG Nigeria & Africa cyber lead said.

He added; “This comes with its budgetary and resource challenges but as a continent, we need to become innovative in our approach and lean into experts that can tighten controls and improve Africa’s cyber resilience for increased economic benefit.”

Digital transformation
 The digital transformation of East Africa has been driving an influx of workers and regional tourism. These factors combined with the setting up of key banking institutions across countries such as Kenya, Uganda and Rwanda, have exacerbated cyber threats in the region.

However, organisations in East Africa have taken cognisance of the cyber risk landscape and have a sharp focus on cyber security, regionally, with about 77 percent of the organisations having well-defined and regularly reviewed cyber strategies or having strategies with measurable KPIs. Countries across East Africa are integrating ICT in their economies. For instance, Kenya has weaved ICT-focused economic policies into its cyber security strategy to promote socio-economic development across the region.

Rwanda and Uganda are also in the process of drafting legislation about cyber security. In addition, Rwanda has been known to periodically conduct cyber attack simulations, involving government and private stakeholders, to test the effectiveness of cyber security controls and policies.

Cyber defence
Cyber strategy in Africa is more mature than ever before, with 75 percent of companies having strategies that were either regularly refreshed or had been built in alignment with the organisation’s threat profile with measurable KPIs.

Furthermore, 61 percent of companies have implemented a clear data protection/governance approach, with 80 percent reporting the establishment of robust frameworks and welldefined strategies to mitigate security and privacy risks.

 “As organisations undergo digital transformation, it is crucial that they envision data protection and privacy as a key strategic component and we are starting to see a massive shift across the African continent,” saidMarcelo Vieira, partner and head of cyber security for KPMG South Africa.

Cyber talent
There is still a limited pool of cyber security talent. This explains why chief executive officers should prioritise highly specialised cyber security resources with skills for cyber leadership, securing and testing systems.

 “More than 50 percent that have recently fallen victim to cybercrime, still lack confidence in the effectiveness of their cyber security incident response team’s action during a major cyber security incident. So a new focus on building cyber skills is critical,” said Anyanwu.
 
 About 75 percent of companies encounter challenges in recruiting and retaining qualified cyber professionals and only one in three have access to a sufficient talent pool.

Despite this however, some industries are well geared towards cyber skills, with the highest percentage of adequate skills being in the manufacturing (48 percent ) and ENR (47 percent) sectors, followed closely by the Fast Moving Consumer Goods and ICT sector.  

The financial services and public sector have been prime targets for cyber-attacks and demonstrate an acute demand for cyber resources, largely due to the high level of regulatory oversight required.  While there is currently a shortage – there is no doubt that Africa is taking this seriously with 55 percent planning on recruiting cyber security resources in the next 12 months, with 58 percent planning to on board at least one to two resources and 25 percent looking at three to five resources.

[email protected]