The last couple of years have seen an increased move towards digital transformation, not just of business models, but of day-to-day lives. As the world pivoted to meet the challenges imposed by the COVID-19 pandemic and subsequent lockdowns, both the private and public sectors saw the need to accelerate their digital transformation to continue operations.
Traditional brick-and-mortar businesses had to at least offer an online component to customers. Schooling and meetings went online. Employees saw the rise of the hybrid working model, which now sees them working both in an office and at home on different days of the week.
The need for connectivity underpinned all these developments; none of them could function satisfactorily without dependable, stable, and fast online connections. But what many may have overlooked about our ever-increasingly online world is that it has broadened the space in which cybercriminals operate, and there is hardly any connected body corporations, NGOs, governments, and citizens who are not a potential target.
A study compiled by Liquid Intelligent Technologies highlights that there is a key trend that cyber criminals are becoming more targeted and organised in their breach attempts in Africa. As one of the fastest growing regions internationally, Africa was projected to have around 1 billion internet users by the end of 2022. The study notes that as the continent is ‘also the world leader in the use of digital money transfers, it is particularly vulnerable to cybercrime, especially as cyber security laws and regulations trail those in other countries significantly.’
“Because this type of criminality has become more widespread, education about how to guard against it is now more vital than ever before,” says Ignus de Villiers, Liquid Intelligent Technologies Group Head of Cyber Security. “Employees must be continually educated on what constitutes good cyber security hygiene.”
Adoption of cyber security best practices are easy to learn (they can be seen below under cyber security tips). But, while educating their staff about how to avoid cyber-attacks is vital, businesses also need more robust cyber security measures in place. Whatever their size or model, companies need to guard against attacks such as identity theft, email compromise, and more.
In the study, Liquid spoke with IT and cyber security decision makers in South Africa, Kenya, and Zimbabwe to understand the evolving threat landscape and its likely impact on businesses. The final report paints a rather disturbing picture in that it shows:
- A high increase in both the frequency and technological prowess of cybercrime being identified
- Corporations on the continent are more vulnerable to breaches as it is estimated that over 50% of African countries have inadequate safeguards
- Cyber security legislation and regulations are lax or non-existent, making cybercrime easier for cybercriminals
Cybercrime can have severe impacts on any business. As the study reveals, these can range from financial (26%), to information theft (18%), to reputational damage (17%) to the disruption of business operations (14%). While most of the companies the study sampled all increased their cyber security measures in 2021, 79% of them declared that they’d seen an increase in cyber security threats in the same year, a significant increase on the previous year.
Recently a report released by Interpol noted that the growing demand in Africa for digital services – the continent has the globe’s fastest growing internet and mobile networks and is the world’s biggest user of online financial services – has thrown its cyber security shortcomings into sharp relief. The same study states:
“The unique challenge for Africa appears to be the critical absence of cyber security protocol, cyber resilience as well as mitigation and prevention measures for individuals and businesses. As a region that is embracing digital transformation, Africa needs to invest extensively in improving the safety and security of cyberspace.”
Considering these reports, the only effective way to ensure your business is protected is to have a resilient cyber security framework in place.
As one of Africa’s leading cyber security providers, Liquid Intelligent Technologies offers end-to-end managed security services for digital solutions, for businesses of any size. These include measures such as secure email, firewalls for network defence, anti-virus software, and managed networks to protect outside users such as consumers. In addition, Liquid believes in training employees to be the first and best line of defence against cyber-attacks.
“Our offerings are designed to secure customers at every intersection of their digitally transformed business,” says Unathi Mothiba, Liquid Intelligent Technologies Group Product Manager, Cyber Security.“They cover all aspects of security, minimising the opportunity for breaches and risks,” he says.
Cyber security should be a major priority in Africa for businesses, governments, NGOs, and individuals. Cybercrime is not going away, and we all need to be on our guard against it.
Cyber security tips
These specific tips have been chosen because they are best practices for employees – whether working remotely or in an office.
Liquid’s report highlights that around 32% of all breaches in the companies surveyed were through compromised passwords, so it is vital to make sure passwords are strong. It is also a bad idea to use words that are easy to guess, such as the names of loved ones, pets, or simple words like ‘password’ or ‘1234’. Use strong passwords or phrases which consist of letters and numbers, at least one capital letter, a special character and make them 14 characters and more. It is easier to use and remember sentences, e.g. ‘My son only has $10 to spend a week.’ It’s also better to implement and use two-factor or multi-factor (MFA) authentication, where users authenticate by providing a password, and a PIN received via a cell phone they have with them.
Email is one of the most frequent avenues that cybercriminals use to breach organisation security measures. Using targeted phishing attacks, social engineering and more, hackers use innocent-looking emails to entice users to act on them and gain access to an organisation’s data and networks, or to install malware including ransomware. Email attacks accounted for over 60% of system breaches in 2021. So always look at the sender’s email address and be wary of emails from addresses you do not recognise, and don’t open any links or attachments that look suspicious. Such emails should be reported to your company’s IT or security department immediately.
Make sure your software is up to date, sanctioned and known vulnerabilities are remediated
Cybercriminals frequently make use of legacy exploits, which are security holes in software that has not been updated, or that was weakly configured. According to Liquid’s study, 2021 saw a 30% increase from 2020 in these types of intrusions. To make sure you are not vulnerable in this regard, it is vital to keep the software up to date on your work and/or private laptop, tablet, and smartphone. Equally important in this regard is not to use unsanctioned or unapproved software, as most free applications, and websites offering those cannot be trusted.
Invest in advance endpoint protection software
It is obvious that buying anti-virus or rather more comprehensive endpoint protection software is crucial, but you would be surprised by how many companies and individuals do not bother. But going online without comprehensive endpoint protection software is like diving off an airplane without a parachute. It is vital in protecting against all sorts of cyberattacks, which can lead to data breaches, including data leakage, data disclosure, ransomware, data extortion (all stood at 59% in 2021) and identity theft. Make sure you buy and install robust protection, meaning advanced endpoint protection rather than just anti-virus, and it is advisable to pay more for a reputable brand in this field. This does not just apply to desktops and laptops; it is well worth buying the same for your smart devices as well.