Emergent digital infrastructure in Africa has become a fertile testing ground for cybercriminals, with organisations on the continent suffering nearly twice the rate of cyberattacks as their international counterparts.
This is according to the 2024 African Perspectives on Cybersecurity report, published by Check Point Software Technologies last week.
“The rapid digitalisation of Africa’s key sectors has positioned the continent as a prime target for sophisticated cyberthreats,” said Lionel Dartnall, acting country manager for South Africa at Check Point.
“Organisations must urgently implement robust security strategies to prevent data breaches, ransomware and compliance drift. Adhering to the EU’s NIS2 directive is critical for maintaining secure trade relationships with Europe, which is a major revenue source for many African economies.”
According to the report, while the frequency of attacks per organisation worldwide sat at 1 876/week for the third quarter of 2024, the same statistic for African organisations is nearly double at 3 370/week. Dartnall said there are several factors contributing to this phenomenon.
Firstly, Africa’s digital footprint is expanding at a rapid rate, which means the threat surface area – or the space available for attackers to exploit – is growing larger, too. Also, cloud adoption is on the rise on the continent and is another space attackers are exploiting. The third factor is the lack of comprehensive cybersecurity solutions to manage emerging threats.
“We find that many organisations have point solutions to secure a desktop, a network or a cloud instance, but nothing that speaks to all these components as a system, and that’s what the attackers take advantage of,” said Dartnall.
Skills gap
Also contributing to the disproportionate rate of attack on African organisations is the skills gap in the cybersecurity sector, which, according to Dartnall, leads to the improper implementation of solutions after they are purchased.
Check Point’s research found that governments, educational institutions and the financial sector are the most targeted by cybercriminals across Africa. According to the Hendrik de Bruin, head of security consulting at Check Point, the type of attacker is split between professional ransomware gangs with a profit motive and opportunistic organisations that prey on African organisations in particular because the nascent state of digital development that means “there’s a lot of low hanging fruit”.
“One of the key problems is that cybersecurity is often a tick-box exercise. Organisations often go to the market without due care or due diligence, procuring on price and not quality and support,” said De Bruin.
“A lot of times these solutions are not implemented properly. The continent needs to put an emphasis on vulnerability and business impact assessments and penetration testing.”
Artificial intelligence is playing an increasingly critical role in the cybersecurity sector and is used both by criminals and security professionals alike. De Bruin said cybercriminals are using AI to shorten their “time to market”, increasing the sophistication and scale of their attacks.
Security professionals, meanwhile, are using AI to overcome the skills gap by automating the procedures engineers undertake in their daily routines. Check Point also has an in-house AI “copilot” that helps engineers navigate an organisation’s IT landscape using natural language prompts. The tool is useful for probing networks, performing tasks and training cybersecurity engineers, said Check Point.
Read: The biggest prime number ever found
According to the report, African organisations must shore up their cybersecurity posture to mitigate the risk of income loss, especially if they have revenues flowing from European companies, who must ensure they comply with the NIS2 directive.
“As African organisations increasingly adopt hybrid and multi-cloud environments, they face greater risks associated with data loss, compliance drift and unauthorised access. The NIS2 directive from the EU establishes a global cybersecurity standard that African businesses must meet to safeguard key European partnerships,” said the report. — (c) 2024 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here