The COVID-19 pandemic has accelerated digitization around the world, but as life increasingly evolves online, cybercriminals have exploited the opportunity to attack vital digital infrastructure.
African states, where digital capacity continues to lag behind the rest of the world, have become a favorite target for cybercriminals, with costly consequences. In early October 2020, Uganda's telecommunications and banking sectors were plunged into crisis due to a major hack that compromised the country's mobile money network, the use of which dramatically increased during the pandemic. It is estimated that at least $ 3.2 million was stolen in the incident, in which hackers used around 2,000 mobile SIM cards to access the mobile payment system.
In light of the increase in attacks, institutions such as the Central Bank of Nigeria and national cyber response organizations in Tunisia, Côte d'Ivoire, Morocco and Kenya have sounded the alarm bells with businesses and citizens, urging them to improve security measures. But African states still lack a dedicated public cybersecurity strategy. As a result, cybersecurity initiatives related to COVID-19 have been primarily driven by the private sector, especially business and industry federations. These are seldom enough, as it is a long and difficult task for most companies who are simply dealing with the business impact of the pandemic on their day-to-day operations.
Improving the cybersecurity of African states begins with creating a safe culture in institutions and businesses.
Safety should be on the agenda in every boardroom, in the ongoing training of employees and in investing in the right tools and solutions. And more importantly, security should be an integral part of a company's culture because it is this factor that ultimately determines its risk and security posture.
"There is a clear link between safety culture and safe behavior and that in itself correlates with a clear reduction in risk to the organization," explained Vice President Content Strategy, KnowBe4 Africa, Anna Collard before adding "By improving your safety culture, you immediately improve employee behavior and risk filling one of the biggest safety gaps in every business - people. People are often the weak link. Those who click the link, open the phishing email, share their company passwords, and accidentally create vulnerabilities within the organization. "
A recent study by KnowBe4 examined the behavior and safety culture of more than 97,000 employees in 1,115 organizations around the world. "This groundbreaking research has provided a very clear and measurable link between safety culture and safe behaviors and emphasizes the importance of investing in people, training and best practices in safety communication. to ensure that this link is always maintained. " In short, "The more the company emphasizes on the culture of security, the more likely it is that employees adopt safe practices and adopt safer behaviors."
In order to strengthen cybersecurity, African governments can take a number of steps to improve their ability to prevent and respond to cybersecurity vulnerabilities. First it is essential that decision-makers define a medium and long-term cybersecurity policy and strategy to integrate cybersecurity into initiatives governments and specify the resources needed to achieve this. This requires the establishment of national authorities or agencies with sufficient financial resources to implement the strategy and strengthen the country's cyber resilience. In addition, governments should promote a culture of cybersecurity societal responsibility in order to strengthen the confidence of citizens and organizations in the cyber economy, digital services and the Internet at large. States should put in place cybersecurity awareness and training programs for the public, private sectors, academia and civil society to equip them with the skills and knowledge necessary to respond to cybersecurity risks. Governments must also establish the essential legal frameworks to regulate the use of cyberspace and to sanction cybercrime.
To improve resilience, African states must urgently define response plans to be deployed in the event of a major attack on their critical infrastructure. These plans should outline immediate nationwide measures, as well as back-up digital alternatives, to ensure that government and organizations would still be able to function even with a sudden loss of digital tools and networks. National and regional stakeholders must be involved in the response plan, and national cybersecurity maturity and capacities must be taken into account, in order to tailor the response to the local context and to the financial, human and technological resources available.
Since cybercrime knows no borders, international and inter-stakeholder collaboration and coordination, as well as cooperation between public and private sector leaders, will be of great importance here.
National cyber response plans can be strengthened through the establishment of well-resourced and fully functional Regional and National Cyber Emergency Response Teams (CERTs) across Africa. Regular exercises should be carried out to assess and improve plans, for example by participating in national or regional cyber exercises conducted by the International Telecommunication Union (ITU).
Cyber Security Capacity Building (CCB) provides countries with the foundation to both improve their digital economies and build resilience to cyber threats. Many global CCB initiatives are already underway in African institutions and states. These include the Global Cyber Security Capacity Center (GCSCC) with its Cybersecurity Capacity Maturity Model (CMM) as part of the Commonwealth Cyber Program, the Global Forum on Cyber Expertise (GFCE), and the International Telecommunication Union with the GCI (Global Cybersecurity Index), to name a few. These initiatives foster international cooperation, which is essential for global and national cybersecurity. They also provide a benchmark and benchmark for governments developing their national cybersecurity policies and strategies.
African states, institutions and civil society must not only demonstrate their commitment to cybersecurity, but also work closely and in partnership towards the common goal of protecting citizens, businesses and organizations in the era. digital. This will be imperative to avoid more damaging cyber attacks, which in the wake of the COVID-19 pandemic could have devastating effects.