Cyber Threats to Security in Africa
Internet safety and freedom of expression is something easily taken for granted; if an individual lives in a country wherein access to the web is comparatively open and protected it’s easy to forget that 75% (2.1 billion) of all internet users in the world (2.8 billion) live in the top 20 countries. The other 178 countries – each representing less than 1% of total users – are steadily increasing their web presence, but there are often questions of adequate online protection and security.
Internet access for those living in Africa has improved drastically over the past decade. Today, more people than ever before are able to access the web; however, many of these users are very limited in what they can see, as well as what they can post. Internet access, unfortunately, does not necessarily equal openness or protection. Experts estimate that half of all Africans will be online by 2025, meaning the issue of transparency of Internet policies on the continent will become even more critical in the next decade. The current debate largely centers on how to balance cyber threat concerns while protecting the rights of citizens to freely acquire information.
Cyber threats present a growing risk to both the African tech sector and the security of local governments. The advancement of information and communications technology in an absence of suitable legal frameworks has led to the manifestation of diffuse cybercrime behaviors, leaving everyone vulnerable to attack. One recent report on cybersecurity in Kenya said businesses in the country lose about $146m each year to cyber criminals.
Innovative tech firms in Africa are increasingly aware of the fact that the benefits of the internet and mobile devices are harnessed to conduct criminal activities, as well as intrusive government surveillance tactics. Today international tech companies compete in their efforts to provide African customers in the tech sector with unbreachable privacy, offering increasingly sophisticated spyware and encryption packages. “Cyber mercenaries”, or “hackers for hire”, are also hired to discover vulnerabilities and covering problems that the developer can then fix. Everyday web users – still new to the broader Internet landscape – often fall prey to malware that relies on problems developers have already patched, but that the user has yet to update on their own machine.
For both personal and professional web users, the best way to stay ahead of digital security issues is to keep one’s computer up to date. Given the inherent complexity of coding and software development, errors and omissions are often left behind when software is released. These holes are called “bugs.” When exploited by viruses or spyware, bugs can cause vulnerabilities, opening up one’s computer systems to attack. In Africa, one of the most common ways to pick up a computer virus is from infected movable media like flash drives/memory sticks. Good antivirus software, with anti-spyware properties, is crucial, but keeping one’s system in working order and staying abreast of the latest security updates is truly the most effective prevention against malicious virtual activity.
However cyber security and cyber resilience are far from just “technical problems” – these issues stem from more serious and complex geopolitical mechanisms, and increasing the securitization of domestic digital spaces can require costly trade-offs with individual and collective freedoms. Some governments have responded to the problem by using their position to assume complete control of new Internet technology. For example, Ethiopia’s Anti-Terrorism Law, passed in 2002, authorizes a broad control of the Internet under the guise of national security – a law that has been used to charge journalists and human rights activists with crimes related to the spread of information. Complicating the problem further is the fact that certain African governments procure surveillance technologies and automated security monitoring systems from Western spyware manufacturers to purposely exploit them for the collection of data on individuals for surveillance purposes.
For companies adopting Internet technologies at a very fast pace, equipping security defense teams in both the public and private sectors is of crucial importance. Nigeria, known for its notorious email scams across the world, was the first country in West Africa to introduce rules aimed at regulating cyberspace. South Africa has adopted the Council of Europe’s Convention on Cyber Crime CETS NO 185 (CECC), but it has yet to ratify the treaty. Unfortunately, in many regions throughout the continent, network connections are spotty and speeds are slow. This highlights the fact that, while Internet safety is a very real concern, many African people must first gain access before they can worry about being scammed by hackers.
The first step, then, is cultivating a “cyber aware” culture. In a world of constant technology change, a base-level of cybersecurity is essential towards establishing an environment in which innovation can arise and flourish.