The “Cybersecurity and Cybercrime Trends” Report – A seminal benchmark for African Union countries

News item | 31-05-2017

With a young population that is rapidly adopting new technologies, a pattern of ICT development that has leap-frogged infrastructure-reliance and a burgeoning e-commerce industry, Africa’s economy is poised to grow. But prosperity and digitization come with new risks and vulnerabilities, such as cybercrime, that could undermine progress. To better understand the cyber threat landscape in the continent, the African Union Commission and Symantec released a report analyzing cyber security trends and government responses in Africa, as part of a Global Forum for Cybersecurity Expertise Initiative with support from the U.S. Department of State. The report explores various cyber security trends in Africa, including the overall professionalization of cybercrime, while it also takes stock of the many advances made by national governments.

Written by: Ilias Chantzos, Senior Director of Global Government Affairs for Europe, Middle East & Africa (EMEA) as well as Asia Pacific and Japan (APJ); Global Advisor for Critical Infrastructure and Data Protection at Symantec Corporation and Moctar Yedaly , Head of Information Society Division , African Union Commission.

The African cyber paradigm: opportunity and vulnerability

While the African continent is fast developing its ICT infrastructure in all its dimensions, thanks to a growing economy, it has also become more vulnerable to cyber threats. Africa has leap-frogged many cycles of technological advancement, for instance in terms of telephone landlines vs. mobile telephony, and today finds itself in a situation where ICT, mobile connectivity, social media, and even the Internet of Things (IoT), become formidable vehicles of growth and modernisation, as well as targets for internal and foreign investment.

Africa has a young population -in fact the youngest of the world with a median age just below 20 years. Young generations are embracing the features of today’s social engagement, hyper-connectivity, and automation, both at work and in their personal lives. At the same time, however, all this puts Africa in the same range of cyber vulnerability already experienced by other regions with more sophisticated technological environments, especially when it comes to cybercrime.

Cybercrime is on a dramatic rise on a worldwide basis, and Africa is not immune from it. In order to carry out their activities, cyber criminals look for fertile environments, both in terms of technological vulnerability and user behaviour. As an example, Africa is the leading force for mobile money transfers: 14% of all Africans receive money through this medium. Further, the e-commerce business is estimated to reach a market value of $75 billion by 2025. This immediately becomes an enticing proposition for increasingly sophisticated cybercriminals, who, like everywhere else in the world, exploit both vulnerable technology and users’ carelessness.

Moreover, outdated operating systems further compound the situation. Indicatively, about 25% of personal computer users in Africa are still on Windows XP that were first released in 2001 and today unsupported and unpatched, or even pirated software. Meanwhile, in the mobile sphere, nine out of ten devices use the Android operating system which is by a long way the most vulnerable in the marketplace.

The result is a growing cyber criminality and a severe threat to the overall economy of the continent, which governments need to tackle decisively and in a timely manner to avoid a very punishing outcome and a de facto barrier to the path of advancement. However, only a three-pronged effort can contribute to an effective response:

  • Policymakers will need to implement effective policies towards the creation of a safe cyber environment and the increase of confidence in the use of technology, for government agencies, businesses, and citizens.
  • Technology companies can provide the necessary tools, in terms of infrastructure, devices, software and, crucially, cyber intelligence.
  • For their part, users traditionally the weakest link when it comes to cyber security need to adopt sound habits and careful mastering of connectivity capabilities.

Understanding the threat landscape

The borderless nature of cybercrime makes African countries vulnerable to all threats already present elsewhere. In this context, African policy makers find themselves in the compelling need to develop and implement effective policies, legislation as well as awareness and education initiatives to address the risk of cybercrime and cyber threats in general. But any set of measures to be effective require a thorough understanding of the threat landscape. To this end, cyber intelligence is a crucial tool in the effort to increase cyber security and consequently confidence in the use of technology.

Symantec, as the largest cyber security company in the world, can count on the largest set of sensors on the Web, called Global Intelligence Network (GIN). Every year, hundreds of extremely skilled analysts, analyse trillions of bytes of telemetry gathered through these sensors, and distil the data into an annual report: the Internet Security Threat Report (ISTR).

In order to overcome the information gap the African Union (AU) and Symantec, through the Global Forum for Cyber Expertise (GFCE) and with the support of the U.S. Department of State (DoS), have engaged in a Public-Private Partnership to develop a report that collected and presented detailed technical data on the cybersecurity threats in Africa.

The report “Cyber Crime & Cyber Security Trends in Africa” analyses the key technological trends in the continent and the cybercrime proliferation and its techniques. The unique feature of this report is that it incorporates online threat data from Symantec’s comprehensive cyber threat monitoring network, including the GIN and the ISTR mentioned above, as well as the perspectives of African Union Member State governments. Some key findings point to the proliferation of ransomware, social media scams and the explosion of mobile malware in the continent.

The analysis of this information is crucial for policy makers and law enforcement agencies to better understand the cybercrime patterns, motivations, targets, vulnerabilities, and techniques. The improved cybercrime threat assessment capability of governments can allow them to have an evidence-based decision making, including in the prioritisation of resources for their national capacity building efforts and in managing the cybercrime risks for citizens and businesses. As a result, this comprehensive report shall serve as a valuable tool to African governments to identify gaps, select measures and prioritise the allocation of resources in addressing the diverge range of cyber threats. This is particularly pertinent considering that both financial and human resources are limited, since cyber security skills are the scarcest in the ICT realm not only in Africa but also globally.

A collaborative endeavour

The report was officially launched by the AU on 10 March this year, and will therefore become a useful benchmark for future endeavours and analysis in the African cyber landscape. Thanks to the strong commitment and proactive attitude of all involved stakeholders, the process in itself has been an enriching experience for all parties involved. A project full of complexity both by nature and distance, it was made possible due to effective coordination and multiple iterations amongst the different stakeholders and contributors. In this respect, the networks of the AU and DoS were instrumental to the outcome, while the GFCE proved to be a valuable forum for mobilising relevant actors and putting together such an initiative.

The ‘Cyber Crime and Cyber Security Trends in Africa’ Report represents a ground-breaking, inspirational initiative, which can pave the way to new bold projects in the field of cyber security that can support the African governments build capacity and confidence in cyberspace and further progress on a path of economic and technological growth.

This article was first published in the third issue of the Global Cyber Expertise Magazine – May 2017.