By NJIRAINI MUCHIRA

More by this Author

Africa lost a staggering $3.5 billion in cyber attacks in 2017, up from $2 billion in 2016.

The Africa Cyber Security Report 2017 by Serianu, an information technology services and business consulting firm, shows that over 90 per cent of Africa’s businesses are operating below the cyber security poverty line (the point at which a company cannot protect itself effectively).

This means that a majority of companies, most of them in the financial services sector, spend less than $10,000 annually on cyber security, meaning they cannot protect themselves from cyber attackers.

Lack of investment in preventive technologies and lack of expertise to tackle sophisticated cybercrime, has led to a significant increase of cyber attacks.

Across the continent, over 95 per cent of private and public organisations spent a paltry $1,500 annually on cyber security technologies in 2017.

“Most businesses, especially small and medium enterprises, are struggling to put in place basic cyber security structures,” said William Makatiani, Serianu chief executive.

This is happening at a time when the number of cyber security experts in Africa are reducing in number after the massive hiring in 2017 by well-established organisations following the Ransomware attack.

In East Africa, a region with fewer than 2,500 certified cyber security professionals, the problem is glaring, with Kenya losing $210 million compared with $171 million in 2016, to cyber criminals.

Tanzania lost $99 million, up from $85 million in 2016, while Uganda lost $67 million compared with $35 million lost in 2016.

In Africa, Nigeria was the biggest causality, recording a loss of $649 million.

A significant proportion of these losses is attributed to insider threats, meaning that administrators and other privileged users have been exposing organisations to massive losses through malicious breaches, negligence and even mistakes.

Makerere University hack

“That most organisations cannot effectively protect themselves from cyber attacks highlights the dire need for protective mechanisms and the need for countries to work together to bring cyber defences up to par with global standards,” said Raychelle Omamo, Kenya’s Defence Cabinet Secretary.

Ms Omamo added that although the Kenya government is accelerating the enactment of the Cyber Security Bill, there is need for various trading blocs in Africa to embed cyber security in regional agreements and that policy and legal frameworks be harmonised.

Among other things, the Kenyan bill provides for punitive penalties of $200,000 fine or 20 years imprisonment or both for people convicted of cybercrime.

Banks, government agencies and departments, financial services providers like Saccos and microfinance institutions, mobile money service providers, hospitality and retail are the leading targets of cyber attacks.

Overall, banks and financial institutions in 10 of the African countries surveyed lost $248 million in 2017 with governments losing $204 million.

E-commerce providers lost $173 million, mobile service providers $140 million and telecom companies $119 million.

Ransom demands

Cyber criminals have perfected the art of malware attacks, ATM skimming, tax fraud, ransom demands, credit card fraud and SIM card swiping among their tools of trade.

“Businesses within the SME sector are continually automating their processes and as a result, their continued dependency on technology is raising their vulnerability,” Mr Makatiani added.

Some high profile cybercrimes reported in East Africa last year included the hacking of the Kenya Revenue Authority systems that resulted in a $40 million loss and hacking of Makerere University systems that saw the names of 50 students deleted from the graduation list.

The report identifies fake news, insider threats, Ransomware, cyber bullying and cyber pyramid schemes as some of the top cyber trends of 2017.

In particular, it contends that fake news has fast emerged as a new trend of cybercrime and calls on governments and social media owners to lay down measures to clamp down on fake news.