The last couple of years have seen an increased move towards digital transformation, not just of business models, but in our day-to-day lives. As the world pivoted to meet the challenges imposed by the Covid-19 pandemic and subsequent lockdowns, both the private and public sectors saw the need to accelerate their digital transformation to continue operations.
Traditional brick-and-mortar businesses had to offer at least an online component to customers. Schooling and meetings went online. Employees saw the rise of the hybrid working model, which now sees many people working in an office and at home on different days of the week.
The need for connectivity underpinned all these developments; none of them could function satisfactorily without dependable, stable and fast online connections. But what many may have overlooked about our ever increasingly online world is that it has broadened the space in which cybercriminals operate. There are hardly any connected body corporations, NGOs, governments or citizens who are not potential targets.
A recent study compiled by Liquid Intelligent Technologies highlights a key trend: that cybercriminals are becoming more targeted and organised in their breach attempts in Africa. As one of the fastest growing regions internationally, Africa will have around a billion internet users by the end of 2022. The study notes that as the continent is “also the world leader in the use of digital money transfers, it is particularly vulnerable to cybercrime, especially as cybersecurity laws and regulations trail those in other countries significantly”.
“Because this type of criminality has become more widespread, education about how to guard against it is now more vital than ever,” says Liquid Intelligent Technologies group head of cybersecurity Ignus de Villiers. “Employees must be continually educated on what constitutes good cybersecurity hygiene.”
Adoption of cybersecurity best practices is easy – see below under cybersecurity tips. But while educating staff about how to avoid cyber-attacks is vital, businesses also need more robust cybersecurity measures in place. Whatever their size or model, companies need to guard against attacks such as identity theft, e-mail compromise and more.
In the study, Liquid spoke with IT and cybersecurity decision makers in South Africa, Kenya and Zimbabwe to understand the evolving threat landscape and its likely impact on businesses. The final report paints a rather disturbing picture. It shows:
- A high increase in both the frequency and technological prowess of cybercrime being identified;
- Corporations on the continent are vulnerable to breaches as it is estimated that over 50% of African countries have inadequate safeguards; and
- Cybersecurity legislation and regulations are lax or nonexistent, making cybercrime easier for cybercriminals.
Cybercrime can have a severe impact on any business. As the study reveals, these can range from financial (26%), to information theft (18%), to reputational damage (17%) to the disruption of business operations (14%). While most companies the study sampled all increased their cybersecurity measures in 2021, 79% of them saw an increase in cybersecurity threats in the same year, a significant increase on the previous year.
Last year, a report released by Interpol noted that the growing demand in Africa for digital services – the continent has the globe’s fastest growing internet and mobile networks and is the world’s biggest user of online financial services – has thrown its cybersecurity shortcomings into sharp relief.
The study found: “The unique challenge for Africa appears to be the critical absence of cybersecurity protocol, cyber resilience, as well as mitigation and prevention measures for individuals and businesses. As a region that is embracing digital transformation, Africa needs to invest extensively in improving the safety and security of cyberspace.”
Considering these reports, the only effective way to ensure a business is protected is to have a resilient cybersecurity framework in place.
As one of Africa’s leading cybersecurity providers, Liquid Intelligent Technologies offers end-to-end managed security services for digital solutions for businesses of any size. These include measures such as securing e-mail, providing firewalls for network defence, antivirus software, and managed networks to protect outside users such as consumers. In addition, Liquid believes in training employees to be the first and best line of defence against cyberattacks.
“Our offerings are designed to secure customers at every intersection of their digitally transformed business,” says Unathi Mothiba, Liquid Intelligent Technologies group product manager: cybersecurity. “They cover all aspects of security, minimising the opportunity for breaches and risks.”
Cybersecurity should be a major priority in Africa — for businesses, governments, NGOs and individuals. Cybercrime is not going away, so we all need to be on our guard against it.
These specific tips have been chosen because they are best practices for employees – whether working remotely or in an office:
Liquid’s report highlights that around 32% of all breaches in the companies surveyed were through compromised passwords, so it is vital to make sure passwords are strong. It is also a bad idea to use words that are easy to guess, such as the names of loved ones, pets, or simple words like “password” or “1234”. Use strong passwords or phrases which consist of letters and numbers, at least one capital letter, a special character and make them 14 characters and more. It is easier to use and remember sentences, for example, “My son only has $10 to spend a week.” It’s also better to implement and use two-factor or multi-factor (MFA) authentication, where users authenticate by providing a password, and a Pin received via a cellphone they have with them.
E-mail is one of the most frequent avenues that cybercriminals use to breach an organisation’s security measures. Using targeted phishing attacks, social engineering and more, hackers use innocent looking e-mails to entice users to act on them and gain access to an organisation’s data and networks, or to install malware, including ransomware. E-mail attacks accounted for over 60% of system breaches in 2021. So always look at the sender’s e-mail address and be wary of e-mails from addresses you do not recognise. Don’t open any links or attachments that look suspicious. Such e-mails should be reported to your company’s IT or security department immediately.
Make sure your software is up to date, sanctioned and known vulnerabilities are remediated
Cybercriminals frequently make use of legacy exploits, which are security holes in software that has not been updated, or that was weakly configured. According to Liquid’s study, 2021 saw a 30% increase from 2020 in these types of intrusions. To make sure you are not vulnerable in this regard, it is vital to keep the software up to date on your work and/or private laptop, tablet and smartphone. Equally important in this regard is not to use unsanctioned or unapproved software, as most free applications and websites offering those cannot be trusted.
Invest in advance endpoint protection software
It is obvious that buying antivirus or rather more comprehensive endpoint protection software is crucial, but you would be surprised by how many companies and individuals do not bother. Going online without comprehensive endpoint protection software is like diving off an airplane without a parachute. It is vital to protect against all sorts of cyberattacks, which can lead to data breaches, including data leakage, data disclosure, ransomware, data extortion (all of which stood at 59% in 2021) and identity theft. Make sure you buy and install robust protection, meaning advanced endpoint protection, rather than just antivirus. It is advisable to pay more for a reputable brand in this field. This does not just apply to desktops and laptops; it is well worth buying the same for your smart devices as well.