Although less than half, about 39.5 percent of Africa’s 1.3 billion people are on the internet, it is proving a very difficult task to keep them safe and out of the reach of criminals who roam the cyberspace on a daily basis. It is not just in Africa, to be fair, the rest of the world are having to stumble along as cyber criminals get more sophisticated and exploit every little vulnerability.
Oftentimes all it takes to wreak major havoc in an organisation could come from these small loopholes which could be from any member of the company. In a recent report, 87 percent of senior managers admitted to technically leaking business data.
The difference between Africa and the rest of the world is in response. While a few African countries have managed to come up with a legal framework, the documents are accumulating dust from lack of enforcement thereby enabling criminals to prowl with little fear of any official deterrents.
The health and financial sectors have been the most targeted as half of cyberattacks perpetrated in 2018 came from there. In stealing data from these sectors, including passwords, the attackers are enabled to launch further strikes and multiply the return.
David ‘Dwizzle’ Weston, Partner Director of Enterprise and OS Security at Microsoft told BusinessDay on the sidelines of a security meeting in Johannesburg that the bread and butter of cyber security is intelligence. Threat intelligence for instance, provides actionable early warnings about the bad things that are out there. That’s typically for larger companies that have a security operation that will know what to do with the information
Weston leads an army of cyber hackers saddled with the responsibility of finding every form of vulnerability in Windows products and create the most potent defense for them.
“We basically try to stay ahead of the hackers,” he said.
His team of ethical hackers are divided into the Red Team and the Blue Team with the former being the antagonists and the latter making up the defense line. Being a global tech business with growing focus on cloud, the Redteam whose job requires identifying the vulnerabilities are a prized asset to Microsoft.
There are 6.5 trillion threat signals that go through the Microsoft cloud every day. In 2018 attackers used a variety of tricks both new (coin-mining) and old (phishing), on their ongoing quest to steal data and resources from customers and organisations.
The Red Team’s work with intelligence from multiple data sources to stay ahead of the criminal competition.
“What we found is that attackers are constantly shifting their techniques,” Weston said.
That attacks may not be making the news regularly in Africa like as it’s the case in other continents, does not mean it is reduced. According to Microsoft Security Intelligence Report, the five locations with the highest average monthly ransomware encounter rates in 2018 were Ethiopia (0.77 percent), Mongolia (0.46), Cameroon (0.41), Myanmar (0.33), and Venezuela (0.31). This was not the case a few years back when ransomware encounters used to cluster in wealthy countries and regions in Europe and North America.
Theo Watson, commercial lawyer for Microsoft Africa said during a presentation that a weak regulatory environment on the continent has ensured enforcement is far below expectations, hence companies don’t take transparency seriously.
“The drive from Microsoft is to inspire trust in the cloud and we do this through providing transparency across compliance, control and protection,” Watson said.
Lack of enforcement of cyber security laws is largely behind the rise of brazen characters like Obinwanne ‘Invictus’ Obi and some 80 Nigerians the FBI said were behind attacks that targeted families in the US and defrauding them up to $1.1 billion.
Deloitte noted earlier in the year that use of phishing emails to trick Nigerians into divulging sensitive information increased in 2018. They expected the attacks to grow even more in 2019. Although financial institutions have put in place effective systems to check this trend, other sectors in the economy have become targets. (e.g. Maritime, Consumer Goods, Energy, Telecommunications, etc).
“We are constantly engaging governments across Africa,” Watson said.
Government’s participation and collaboration with private sectors is critical to efficiently policing the internet and keeping citizens away from the reach of criminals.
Watson sees government attention growing in the years to come. At the moment it is slow as politics often overrides genuine intentions to protect people.
“It takes a lot of patience,” he told BusinessDay.
