Companies around the world, but particularly in Africa and South Africa where defences are inadequate, are highly vulnerable to cyber attacks. Government systems are also weak. Where military personnel were once deployed on land, in the air and on sea, they are increasingly required at desks behind computer screens. Hacking incidents by terrorist group Boko Haram and others highlight how easy it is for sinister forces to infiltrate top-secret systems. Ken Obura of the University of Nairobi says Africa’s businesses and governments are several steps behind the smart operators quietly entering networks to access valuable data, disrupt activities and blackmail companies. These are not the sorts of stories that corporate public relations officers will pump out or confirm easily, as cyber breaches can easily cost a company its reputation, its customers and even its sustainability. There is a mushrooming business in providing advice to safeguard companies from cyber crooks, but not even the brightest at professional services firms and specialist tech companies are adequately equipped to keep infiltrators out of systems. Obura warns that low levels of security together with increasing connectivity make Africa’s cyberspace one of the most vulnerable to attack. – Jackie Cameron
By Ken Obura*
In August 2012, terrorist group, Boko Haram, reportedly hacked into Nigeria’s secret service and acquired private data on current and former personnel.
In April 2016, a group calling itself “Anonymous” was able to hack into the database of the Kenyan Ministry of Foreign Affairs and steal sensitive data.
More recently, a number of South African companies’ systems were infiltrated by cyberattackers and data held for ransom. The firms included Johnny Bags food manufacturers, DSV Global and Gebers & Partners.
These incidents illustrate the risks that the use of cyberspace poses to the African continent in the 21st Century.
To counter these risks, Africa has rolled out several initiatives. These include the adoption of an African Union convention on cyber security and personal data protection and an initiative to harmonise and ICT policy in sub-Saharan Africa.
A number of countries have also taken initiatives at the local level to address cyber security threats. For example, Kenya has created the National Computer Incident Response Team Coordination Centre to offer technical services. Similarly, Ethiopia has created an agency to improve its cyber resilience.
But cyber security systems in both the private and the public sectors are still below average in many countries. A 2016 cyber security report, for example, shows that most Africa-based businesses and government online services have weak security features.
These low levels of security, combined with increasing connectivity, make Africa’s cyberspace one of the most vulnerable to attack.
The new frontier of attack
Cyberspace is the latest domain within which human beings operate. The others are land, sea, airspace and outer space. Unlike the other domains, cyberspace has unique features that make it an attractive frontier of attack.
First, it’s situated within the networks of computing devices that are now connected by the internet. Because the internet has global reach, attackers are able to roam cyberspace freely and attack computing systems in locations that would be impossible to access physically.
Second, no passport is required to enter the cyberspace. This makes it possible for attackers to mask their identity, impersonate others and cheat their way into protected systems.
Third, cyberspace facilitates communication between networked computing devices through electronic messages. This makes attacks speedier than conventional warfare.
Finally, cyberspace networks use a decentralised network architecture. This enables attackers to continue functioning even when one network router is blocked or disabled.
More importantly, with the growth in computing technology, essential services of most states are now integrated into the cyberspace networks. This makes the cyberspace a strategic medium of attack.
Cyberattacks on the rise
The United Nations describes cyber attacks as those involving illegal behaviour that targets the security of computer systems and the data processed by them. These take various forms that include;
- Malware injection, which is the installation of malware (viruses, spyware, trojans or worms) into cyberspace with malicious intent.
- Phishing, which is a request for data from what looks like a trusted source. The aim is to trick users into providing sensitive information, or clicking on a malicious link.
- Hacking, which involves figuring out the password of a system’s platform so as to gain access into the system.
- Denial of Service, which involves flooding a system’s network with traffic and spam data. The objective is to overload it and make it slow or unresponsive.
These cyber attacks happen through information exchange without physical contact between the attacker and the victim. So, at the individual level, direct physical harm is almost non-existent. The harm is mostly emotional, psychological and reputational. Of course, in some cases, cyberspace communications can result in actual physical harm. For example, a victim of cyber bullying may be pushed to commit suicide or a hacker may use the gained data to track a victim and commit rape or murder. But these cases are isolated and indirect.
But when the attacks are targeted at state or institutional systems, they have the potential to harm society in new and critical ways.
The attacks can, for example, corrupt electoral systems or derail automated trains. They could also bring down electric grids, collapse traffic control systems, scramble financial data, explode oil refineries, and cause aeroplanes to fly out of control.
The 2007 attack against Estonia, the 2016 attack on Ukraine’s power grid and the recent claims of hacks of the US Democratic National Committee database, are illustrative of the devastating harm that a cyber attack can cause on modern society.
These realities of cyber attacks are especially stark in developing countries, like in Africa, where the technology and skills necessary to fend off such attacks are lacking.
Securing the cyberspace
Given the importance that the cyberspace network plays in the life of modern African society, the imperative of securing this domain cannot be gainsaid.
The International Telecommunications Union estimates that one in five Africans is now connected to cyberspace.
An overview by the United Nations also reveals that the supply of essential services in many African countries now relies on the cyberspace network.
However, a survey of 21 African countries conducted by UN Economic Commission for Africa found that while many countries had proposed legislation, the level of deployment of security systems to combat cyber crime was low.
One practical way of countering cyber attacks is to ring the vulnerable systems with a protective firewall. This would also entail the use of end-to-end encryption to ensure that data is always protected.
It is also imperative that the users of computing devices be educated on the need to only use licensed operating systems, to create strong passwords, and to ignore suspicious messages and links.
Legislation should also be in place to identify and criminalise harmful cyber behaviour and to assign responsibilities to the various cyberspace actors including cyberspace intermediaries like internet service providers.