The world is a true global village owing to the rapid rise and adoption of the World Wide Web. This technological advancement that is fueling the 4th industrial revolution for humankind has expanded opportunities for individuals and businesses. The Internet has opened the world to the extent that you can order anything you want from any corner of the world and get it delivered to your doorstep. Similarly, for companies, internet connectivity has allowed companies to digitize their services for wider reach, operational efficiency and accessibility.
In Africa, the number of people online is growing faster, driven by the expansion of communications infrastructure and the affordability of internet-enabled devices.
In its Africa Cyberthreat Assessment Report 2024 released earlier this year, Interpol reports that on an individual level, growing access to the Internet is facilitated in particular by the widespread adoption of mobile phones, with over 650 million Africans using these devices as their primary means of accessing the Internet.
While good things have come as a result of internet adoption, increased usage has opened a Pandora’s Box of malicious actors who do not waste time infiltrating or taking advantage of those unprepared or unaware of their stealthy cybercriminal activities.
According to the report, ransomware, business email compromise, and other online scams were the fastest-growing cyber threats for African businesses last year, a trend that is likely to continue this year. Others are banking Trojans and phishing.
The Cyberthreat Assessment Report 2024 highlights that ransomware was as one of the most serious emerging threats on the continent, often targeting critical infrastructure, while online scams are still the main form of digital crime affecting individuals and organizations, in terms of volume and financial impact.
Worldwide, large and small businesses are at a higher risk of being targeted by these criminals as they embark on digitizing their business processes, and African businesses are no exception. No particular sector is safe, whether it’s finance, travel, the public sector, healthcare, manufacturing, e-commerce, or entertainment.
In Kenya, where the government has been pushing the digitization of government services, one of its most important platforms, eCitizen, suffered an attack last year that rendered many services on the platform inaccessible to both individual users and companies that wanted to make transactions through the platform.
With at least 7,000 government services now online in Kenya, you can imagine the number of people affected by the hack, which the government said resulted from malicious actors sending too many requests, causing the system to crash. This affected communication companies, banking and other services. As a business relying on government services to carry out day-to-day transactions, this meant the loss of revenue as payments could not be completed in real time. Though the attack was not directly on enterprises, it meant businesses in Kenya had to absorb losses due to revenue loss.
On the other hand, direct attacks on any firm’s IT systems always lead to data loss. In a world where data is the new oil, attackers often use this information to sell to rivals on the black market.
It is obviously not good for your business information to be available to cybercriminals. So cyber attackers often use this compromise on privacy to blackmail you into paying millions in ransom. Global ransomware payments in 2023 alone were in excess of US$1 billion, according to cybersecurity firm Chainalysis.
Losses for businesses can also stem from fines imposed by government authorities. For instance, in Kenya, organizations, both data controllers and processors, are held liable for any data breach.
Countering attacks
As the cybersecurity landscape is projected to continue rising in the future as a result of the continuous digitization of services and the migration of more people online, it is prudent for business owners to invest in ensuring the company runs on reliable and reputable IT systems that are well protected against any potential attack.
This means investing in software, such as endpoint detection response, which will be your online guard dog warning you and countering any potential attacks, mostly those that target employees through phishing emails and other forms of DDoS attacks.
Additionally, African enterprises should consider recruiting cybersecurity specialists who are aware of current and future attacks, especially in the age of Artificial Intelligence. A cybersecurity expert can help assess the threats and deploy remedial measures that will secure the company’s data and privacy.
It is always appropriate to be aware that attacks such as that on eCitizen may occur; hence, sufficient backup systems and alternative channels need to be identified early enough to reduce the impact, which, if not addressed, could cost millions in spending.
Companies must also ensure that their employees are aware of various forms of cyber attacks and acquire basic cybersecurity skills in order to act faster in case of an attack. Employees are often the point of entry for cyber attackers, so training employees to handle malicious emails and online scams could be perhaps the most important strategy for beating attackers at their own game.
About the Author: debbie
