The Liquid Intelligent Technologies 2021 Cyber Security report was published this week. The report’s survey is based on a sample of 141 information technology (IT) and cybersecurity decision-makers, 72 of whom are in South Africa, 41 in Kenya and 28 in Zimbabwe.
Cybercriminals and hackers have been focusing on Africa, where working at home has extended the front that companies need to defend in an environment where controls are weaker than in developed countries. More than half of countries in Africa have inadequate cybersecurity laws, while weak and outdated security systems cost the continent a $4bn per year, the report says.
“Relaxed IT security standards and new security vulnerabilities and threats during the pandemic have increased the risk of loss” across all sectors of African business, says Santho Mohapeloa, senior cyberinsurance underwriter at German insurer Allianz.
The new work-from-home reality has brought about “exponentially greater attack surfaces,” he says. “The culprits are international criminal groups from Asia and Europe.”
In the survey, 79% of companies in South Africa, 78% in Kenya and 82% in Zimbabwe said that they had experienced an increase in cybersecurity threats in the past year.
- That was driven by remote working, entailing greater use of cloud-based apps, services and storage.
- The report finds that 69% of surveyed companies in South Africa and 66% of companies in Kenya have most of their staff still working from home. That is the case for only 32% of companies surveyed in Zimbabwe.
- Email-based attacks such as phishing and spam were the most cited security threat in the survey, identified by 67% of respondents. Data breaches were cited by 59%, followed by web application and web-based attacks, cited by 51%.
“Shadow IT” is a danger that increases with working at home, the report says.
- This refers to IT systems, applications and processes deployed in a decentralised way by departments or staff without the knowledge or control of the centralised IT function.
- The result is often “vulnerable back doors that provide easy access”, the report says.
In August, cybersecurity firm Kaspersky found that South Africa, Kenya, Nigeria and Ethiopia were hit by 85m malware attacks in the preceding six months, with South Africa accounting for 32m. Perpetrators have become more professional, and their profile has also changed from individuals to groups, organised syndicates and even governments, the Liquid report says.
Liquid says that the dangers will keep growing on a continent that will have 1bn internet users by the end of 2022 and is also the world leader in digital money transfers.
The report recommends steps that companies can take to protect themselves.
- These include a secure email gateway or service to prevent phishing.
- It is also important to address the human factor through security training and carrying out phishing simulations to get staff attuned to the risks, the report says.
- Multifactor authentication is key for remote-access solutions, as attackers have an easy way in if they have managed to discover user credentials, it adds.
- Some attackers use lax Wi-Fi security to get user credentials and passwords, making it important to combine Wi-Fi certificate and user authentication.
The prospect of long-term working from home for many means a cybersecurity overhaul is urgent for African corporates.
Understand Africa's tomorrow... today
We believe that Africa is poorly represented, and badly under-estimated. Beyond the vast opportunity manifest in African markets, we highlight people who make a difference; leaders turning the tide, youth driving change, and an indefatigable business community. That is what we believe will change the continent, and that is what we report on. With hard-hitting investigations, innovative analysis and deep dives into countries and sectors, The Africa Report delivers the insight you need.View subscription options