A “Digital chaos”. This is the threat hanging over an Africa increasingly interconnected but lagging behind in the area of computer security. This alarming finding was unanimous among the participants of the first Cyber Africa Forum, an event bringing together African and international cybersecurity experts, Monday, June 7 in Abidjan.
In recent years, digital technology has grown by leaps and bounds on the continent. The best example concerns the financial services sector, where many African countries have moved directly from cash to mobile payment. But cybersecurity remains the poor relation of this transformation. Weak infrastructure, lack of skills and lack of awareness among businesses and users make Africa particularly vulnerable to cyber attacks.
“Digitizing without protecting is dangerous”, hammered Monday Roger Adom, the Ivorian minister of the digital economy. For this former “Mr. Tech” of the Orange group in Côte d’Ivoire, institutions and companies in his country as well as in the sub-region are facing a “Major challenge”. In ten years of existence, he recalled, the incident center of Côte d’Ivoire has quantified the cost of cybercrime for the country’s economy at 20 billion CFA francs (about 30.5 million francs euros).
Teleworking increases the risks
On a continent-wide scale, this loss was estimated at 3.5 billion dollars in 2017 (around 2.9 billion euros at the time) in a study published by the pan-African cybersecurity firm Serianu. A significant prejudice that increasingly worries policy makers and leaders of the private sector. Because cybercriminal organizations no longer have much to do with the archaic image of Ivorian “grazers” and Nigerian “Yahoo boys” of the 2000s, authors of scams (to the feeling) and small ransoms on the Web. Today, attacks are carried out by prowled individuals and organized entities.
In September 2020, cybersecurity software publisher Kaspersky indicated that Africa had been the target of 28 million cyber attacks between January and August 2020. The Covid-19 pandemic has increased the risks. In a study carried out among 211 large companies based in eleven French-speaking African countries and unveiled Monday, the consulting firm Deloitte reveals that 40% of them have known “An increase in the number of incidents” since 2020. In question, the “Even greater attack surface”, a consequence of teleworking, to which 92% of the companies questioned indicated that they had used partially or totally since the start of the health crisis.
If all sectors of activity are targeted, “Cyber attacks are mainly focused on the financial sector and sectors of vital or critical importance, such as water, energy and telecommunications”, because they are more interconnected than before, specifies Dhia Hachicha, director at Deloitte and co-editor of the study. And it might go crescendo, he recalls, as energy networks shift to “Smart grid”, a model digitizing electricity distribution.
The proliferation and sophistication of attacks requires the development of a culture of cybersecurity. However, according to the Deloitte study, two-thirds of African companies surveyed spend less than 200,000 euros per year on this subject. Low budgets, most of which are allocated to infrastructure, without real investment in the crucial area of “Data security”, says Dhia Hachicha. “The level of cybersecurity on the continent is improving, he concedes, but not at the same rate as elsewhere in the world. “ According to him, the level of maturity in cybersecurity is ” most important “ in English-speaking Africa, due to“Older and more deployed connectivity”.
“Convert and recruit grazers”
On the side of the authorities, the taking into account of digital risk is progressing slowly. Nationally, most states have adopted a legal arsenal to govern cyberspace and crack down on crime. But the continental initiatives are already old and little followed. Adopted in 2014, the African Union Convention on Cybersecurity and the Protection of Personal Data – called the “Malabo Convention” – “Has only been signed by 18 countries and ratified by eight”, sighs Adnane Ben Halima, vice-president in charge of public relations of the telecoms company Huawei Northern Africa.
The challenge is also the training of new skills in this field. Because human capital is lacking, especially in French-speaking Africa, where the market is forced to recruit abroad, at a high price. Provocateur, Charles Kié, co-founder of the investment company New African Capital Partners and a keen connoisseur of the issue, suggested “Convert and recruit grazers”, like what did “The United States and Russia”. To date, training initiatives, especially in Dakar, are floundering, and universities have not yet integrated cybernetic skills needs into their curriculum.
By bringing together personalities from the public and private sectors around cybersecurity issues, Franck Kié, the commissioner general of the Cyber Africa Forum, hopes that“A global vision can emerge from this ecosystem”. And to convince the most reluctant to take an interest in it, the young man reminds us that if cybercrime has a cost, it also offers opportunities: according to the Africa Cyber Security Market organization, the African cybersecurity market continues to grow. and would have increased from 1.33 to more than 2.32 billion euros between 2017 and 2020.