Africa ‘fertile ground’ for cybercrime
However, cybersecurity incidents rarely make the news. Managing executive in charge of cybersecurity at Vodacom, Sheldon Bennett, said: “You rarely see incidents reported across Africa. And certainly not recurring incidents. Yet we’re not aware of any reasons that hackers, or even organised crime, wouldn’t want to attack Africa.”
Bennett was speaking at a briefing to discuss how Africa compares with the rest of the globe from a cyber- security perspective,.
He mentioned a recent cyber- attack in which South Africa was apparently among 17 countries targeted by North Korean hackers called the Lazarus Group, which attacked an unnamed African bank and made off with $100million (R1.4billion), as an example of how under-reported such incidents are.
Bennett said: “In Africa, a lot of work needs to be done to get better at sharing news of cybersecurity incidents. It’s not about the gory details - cybersecurity experts are more interested in understanding how they do it or how they ultimately achieved their objective.
“The African Union Commission published a recent report and said only 20% of Africa states have basic legal frameworks to deal with cybercrime. Most countries have no mechanism to deal with it,” said Bennett.
“South Africa and Kenya are probably the two most advanced in this regard and Nigeria is coming up fast. In Kenya you have the Computer Misuse and Cybercrime Act, and already there are a number of investigations of incidents that have occurred in Kenya. In SA we have the ECT (Electronic Communications and Transactions) Act and the Cybercrimes Act,” Bennet said.
A lot of the crime on the continent is phishing. Phishing attacks have become more orchestrated, making it harder to tell a valid request for information from one attempting to solicit information for criminal activity. Bennet said they had seen how compromises of one website led to the compromise of another.
Bennett said cellphones carried a lot of sensitive and important data, so keeping work data safe was a major priority. A security tip for users was to constantly change their passwords to something new.
“Security today means you have to be proactive when handling incidents and managing your threats landscape,” he said.@MwangiGithahu