- 5 biggest Linux and open-source stories of 2024: From AI arguments to security close calls
- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- Interpol Identifies Over 140 Human Traffickers in New Initiative
- 5 network automation startups to watch
- The State of Security in 2024: The Fortra Experts Take a Look
Examining Africa’s imperative to strengthen cyber defences
Cyber criminals are targeting African economies in similar ways to their European or North American counterparts. “The numbers show that everyone is getting hit equally hard,” said Charl van der Walt, head of security research at Orange Cyberdefense, speaking on the first morning of the Summit.
While the cyberattack numbers in Africa might be slightly lower than in other parts of the world, van der Walt believes this doesn’t necessarily mean cybercriminals are actively targeting larger economies more than smaller ones. “What we’re seeing is not the bad guys saying, ‘Let’s find American companies to hack.’ Rather, they seem to throw mud at a map and see where it sticks, suggesting the targeting is less deliberate and more opportunistic.”
Everyone is a target
What van der Walt did highlight, however, is that the landscape appears to be changing. With law enforcement in many of the most targeted countries increasingly cracking down on large cybercrime syndicates, these hackers are quickly looking for alternatives. “Similarly, the market for this kind of crime is shrinking as the number of criminal groups grows,” he says. “Again, this drives criminals to start hunting for opportunities elsewhere.” So with this in mind, it’s inevitable that hackers are coming for smaller economies, like those in Africa.
Also speaking at the event, Jonas Bogoshi, CEO of ICT company BCX, noted that this trend is a big concern. According to him, 0% of appointments on large boards in South Africa have any cyber security experience, while only about 8% have some understanding of social networks and digital technologies. This is in contrast with large boards in Fortune 500 companies, where 8% have cybersecurity knowledge and 40% have digital tech expertise.
Everything is a target
As more companies embrace digital means to interact with their customers and use technology to transform business models, an increase in cyberattacks is expected, as well as an evolution in the methods and type of assets these cybercriminals are trying to steal. “When the physical world and the digital world come together, everything that we do online is under threat,” Bogoshi says, citing how a local radio station’s entire content library was accessed and encrypted in a ransomware attack.
Another phishing attack targeted the minutes of a large South African manufacturer’s board meeting due to the company’s substantial M&A activity. As hackers get smarter, they’re not only stealing data, they’re also analysing the information they steal to identify different pieces of value they can use to further extort victims. All too often, not knowing what your assets are, and thus, not putting the necessary processes and procedures in place to secure them, is opening us up to attacks, added Paul McKay, principal analyst at Forrester.
So, what to do? van der Walt suggests that community-led initiatives, like a cyber Neighbourhood Watch, may be the answer. These partnerships should be between a broad range of different players, from security professionals to governments, who want to make our digital world safer. It’s about organising a group of affected parties to collectively try to resolve the problem. And others agree.
Phillimon Zongo, CEO of the Cyber Leadership Institute in Australia, and Sandro Bucchianeri, group CSO at NAB Australia (formerly Absa’s group chief security officer), who also attended the event, described cyber security as a group effort. “Given the complexity of cybersecurity, it’s quite tempting for cyber leaders to think they know it all, but the days of the lone wolf are over,” said Zongo. “Cyber security has to be a team sport,” said Bucchianeri. “Making sure that you have enough players on the field is exceptionally important,” adding that there really is safety in numbers.
The right support structure
Unfortunately, more than half of cyber leaders globally find it hard to respond to current challenges because of a shortage of skills. “Cybersecurity is actually quite simple,” said Bucchianeri. “You need to get the basics right and execute your plans well. While I understand that it can be tough to execute when you have restrained resources, you need to focus on what you can do to move the dial forward as much as possible.”
When talking about securing buy-in from business and ensuring that cybersecurity efforts align with broader business goals, the suggestion that cybersecurity is a team sport is even more important. “For cyber leaders, the challenge is to learn to communicate the importance of cybersecurity with those who don’t fully understand the risks,” said Zongo. “If the CFO or any other non-technical executive doesn’t understand a cyber risk report, it’s unlikely that others will understand it either.” So when you articulate the risks well, the funding for efforts and initiatives to combat these risks will start to flow.
Today, the cyber leadership role is fraught with challenges. But the security leaders that drive lasting change have done so by avoiding unnecessary jargon, developing good relationships with key business stakeholders, and understanding that the measure of effective security depends on the well-being of others. “If you want to go fast, go alone. If you want to go far, go together,” said Bucchianeri, citing a well-known African proverb. “This is one of the most pivotal things you can do to make your cybersecurity programme a success.”