A great deal of effort and money has been poured into increasing internet accessibility in Africa, writes Maarten van Horenbeeck, chair of the Forum for Incident Response and Security Teams
In an ever more connected world, empowering a wide cross-section of the population to get online is key to encouraging industrial and social growth.
However, while increased internet access can enhance the lives of ordinary Africans, it also offers cybercriminals greater opportunity to break the law. There is now a significant gap between the connectivity of African nations and the ability of their governments to stamp out the growing market for cyber-crime on the continent.
This is very bad news for major African nations with fast-growing economies, such as Egypt and Nigeria, whose internal wealth and external trade can be severely damaged by the activities of online criminals who can potentially operate with impunity. Kenya recently released numbers indicating cybercrime cost them US$23mn in 2013, whilst the ‘Nigerian prince’ is practically a by-word for online scams around the world, causing the country to be shunned by many international retailers.
When it comes to addressing these problems, the security services have gained huge amounts of experience on their home turf, with a lot of sophisticated scams being perpetrated and many equally sophisticated counter-measures taken to stop them. For example, the malware Duqu was first reported in Sudan and is the successor to the infamous Stuxnet. Likewise, the malware Dexter originated in South Africa and perpetrates credit card fraud every bit as sophisticated as that found in other parts of the world.
However, the sheer diversity of cyber threats and the patchy levels of preparedness that exist across the continent are major problems for security in Africa. For example, a high personal wealth economy like South Africa suffers mostly from credit card fraud, whereas Morocco is more concerned with network security due to its strong links to networks in the Middle East. The fact that a problem in one country might not be a recognised problem in another means criminals can exploit blind spots. This problem even extends to the laws by which the internet is governed, which can be similarly erratic across the continent. Activities which may be considered crimes in one country simply haven’t been outlawed by the legislature of another and, even if they are against the law, there is sometimes a problem with enforcement in politically unstable regions. It’s pointless eliminating high-tech crime from Egypt if the perpetrators can cross the border to Sudan and carry on undeterred. Likewise, improving network security in Senegal would only be a partial solution when the vast majority of internet use in the country is on mobile devices.
This diversity of issues makes it difficult for Africa to present a united front against cyber-crime, which is a problem because co-operation between governments, IT professionals and security agencies is essential if criminals are to be prevented from hiding among patchy legal and security systems.
Knowledge-sharing is key to preventing cyber-crime in Africa posing a threat to the rest of the world – this is why FIRST is committed to offering training and networking opportunities in Africa. Failure to address the problem will mean criminals won’t need to fear even the most sophisticated security in other parts of the world, because they can bypass this and attack the global network via Africa.
There’s a clear need for establishing shared approaches and terminology when dealing with cyber-security issues in Africa. Meaningful change will come through effective collaboration and sharing of best practice across the continent.