Cyberattack surge highlights Africa security risk
- COVID-19 is influencing increased internet use in Africa
- But a study shows increased cyberattacks in Kenya, Nigeria and South Africa
- Lack of cybersecurity laws in Africa is partly to blame, experts say
Kenya, Nigeria and South Africa experienced millions of malware and other attacks between January and August, according to data from cybersecurity company Kaspersky.
Potentially unwanted applications (PUA), also known as grayware, are programmes that come pre-installed on phones and computers and can pose security and privacy risks. Malware, which includes spyware and viruses, is software designed to cause damage.
“There were 3.8 million malware attacks and 16.8 million PUA detections,” says Kaspersky. “In South Africa, there were almost ten million malware attacks and a staggering 43 million PUA detections. Kenyan users faced even more malware attacks — around 14 million and 41 million PUA appearances.”
“In some countries, these attacks have taken a new dimension, impersonating non-governmental organisations working on COVID-19 response.”
Verengai Mabika, Internet Society
Zimbabwe’s Verengai Mabika, senior policy advisor for Africa for the non-profit Internet Society, tells SciDev.Net that the number of cyberattacks have grown five times during the COVID-19 pandemic, exposing Africa’s limited digital awareness and capacity.
“In some countries, these attacks have taken a new dimension, impersonating non-governmental organisations working on COVID-19 response, or phishing using the subject of coronavirus or COVID-19 as a lure,” Mabika says.
Cyberattacks can lead to breaches of national security secrets or theft of valuable, sensitive data like medical records and computer networks can be paralysed making data unavailable, Mabika explains.
Denis Parinov, security researcher at Kaspersky, tells SciDev.Net that home users in the region have a higher chance of malware infection compared with corporate users.
“Users at home are generally less aware about computer threats and tend to be more carefree when browsing the internet, reading emails or installing software,” he says.
Parinov says cyberattacks can be avoided by not downloading unknown software, avoiding suspicious links or links from unknown sources, and manually typing a website address, rather than following a link.
Mabika says Africa’s vulnerabilities stem from the lack of cybersecurity legal frameworks, lack of digital literacy and weak cybersecurity systems,
“Many countries still have not ratified the African Union Convention on Cyber Security and Personal Data Protection, known as the Malabo Convention, which could give a framework for responding to these threats,” Mabika explains.
He says cybersecurity does not seem to be a top priority for most countries.
Thabo Johnson, founder of the South Africa-based African Society for Cyber Security Awareness, says there is no government programme or campaign for cybersecurity awareness. Most African countries, including South Africa, do not have a cybersecurity law, he says, adding that leaders do not seem to understand the danger of cyberattacks.
“We don’t have a platform to report or prevent the attacks,” he says.
Johnson calls on government to invest in massive awareness campaigns and programs and enact requisite laws.
This piece was produced by SciDev.Net’s Sub-Saharan Africa English desk.