Why is Africa such a big cyber crime target?

Johannesburg, 26 Jan 2021
Read time 6min 10sec
Dean Steenkamp, Check Point Channel Manager, Westcon-Comstor Sub-Saharan Africa
Dean Steenkamp, Check Point Channel Manager, Westcon-Comstor Sub-Saharan Africa

Africa is firmly in the crosshairs of cyber criminals. Every day, the continent’s people, countries and companies are targeted by internal and external attackers bent on stealing data and money. The scope of these activities is staggering and deserves closer attention. According to Check Point Research’s latest Threat Intelligence Report for Africa, the region saw an average of 1 293 weekly cyber attacks on African companies, compared to just 485 attacks per organisation globally.

“The most targeted country in Africa is Angola, and the top malware in Africa is Emotet, impacting 13% of organisations,” says Pankaj Bhula, Regional Director for Africa at Check Point. “Perhaps more critically is that 87% of malicious files in Africa are delivered via e-mail, which lets us believe that there is still a fair amount of education that organisations need to do to improve their security defences. A common method used by cyber criminals is sending remote code execution files, with the report showing that over 61% of organisations have fallen prey to this type of attack.”

A favourite target

Why is Africa such a favoured target? It’s tempting to point to the continent’s incredibly high mobile-phone penetration, though experts note that most of these are feature phones and thus not really a cyber crime interest. Instead, attacks on smart devices in Africa are comparable in type and numbers to other regions, despite a much higher user number. This indicates that the average person in the street often doesn’t interact with the staging areas criminals could use, such as compromised app stores or mobile device management environments.

Instead, it’s crucial to note that the attacks used on African targets are the same as seen elsewhere. The situation isn’t unique. Perhaps the higher prevalence of local attacks point to shortcomings in preparedness and technology investments, says Dean Steenkamp, Check Point Channel Manager at Westcon-Comstor Sub-Saharan Africa:

“The higher attack rates are in part because consumers and businesses don’t have the latest technologies with the best security on them, and secondly, because there is a lack of general awareness around security in less developed regions. Thirdly, because of the growing demand for digital and cloud-based services. The reality is that the security solutions do exist, but there is simply a lag in uptake.”

Cost is a contributing factor. As an emerging economy, Africa often doesn’t have the disposable income to spend on constant technology refresh cycles. Numerous businesses rely on legacy on-premises environments that, in some instances, have passed their shelf-life.

“When you are sitting on a large vault of legacy solutions that are difficult to upgrade and maintain – your security also suffers,” Steenkamp adds.

The big targets

Africa, of course, is not a country. Cyber attacks don’t happen equally across its landscape. Countries like South Africa, Kenya, Nigeria and Angola receive much more attention from criminals, attracted to digital maturity, diverse industries and large corporate landscapes. In particular, South Africa is a big fish – according to Accenture, it has the third most cyber crime victims worldwide, losing R2.2 billion a year. But such economies are also more likely to invest in better security.

“Digital maturity is definitely a factor, as is economic distribution and the size of the corporate landscape,” says Steenkamp. “Suppose we factor in economies like South Africa, where digital devices are exceptionally pervasive, but there is also a mature business economy. In that case, there is a correlation between education as well as security solutions being used by businesses to thwart attacks.”

Who targets African countries? Foreign sources are a major concern, says Bhula: “The vast majority of attacks affecting African organisations and consumers tend to originate from Russia, the United States, and the East. With Africa being a soft target and many users using cheaper mobile devices that don’t have security built-in, it is easier for threat actors to inject malware like xHelper and Emotet.”

He adds that local criminals are fast learning the latest tricks as well: “Conversely, cyber criminals in Africa are sourcing these techniques from the dark Web and then executing on them locally. This is very common with info stealer techniques as well as ransomware and crypto mining.”

Fixing African security

The notion that Africa isn’t a big target is a myth. Firstly, Africa has many lucrative targets when attackers work at scale and net many victims. Secondly, Africa is a digital continent, albeit not as mature yet as some other regions.

What can we do about this? Fortunately, it’s not a unique problem – cyber crime is a significant challenge across the world. There are reliable strategies that could be implemented locally to make a difference – especially as organisations adjust to new workforce patterns.

“Better training, better security systems, better personal security and generally better awareness of the types of attacks is needed,” Bhula explains. “Now that we have more people working from home, we also see the pervasive use of personal devices, especially on the continent where we evidenced a big problem with supply and demand for electronic goods. Companies battled to get the devices their staff needed to work from home, which led to them using their own. The problem here is that as soon as an individual is outside of the firewall, and they aren’t adhering to the security policies of the business – security issues can sneak in. We are working with customers to not just deploy better, more robust security from the cloud to the edge, but also train and change the behaviour of the users. Unfortunately, when it comes to security, humans will always be our weakest link.”

Steenkamp agrees, adding that better security policy management and enforcement is a great starting point.

“As the technology landscape changes and we start to see the cloud and mobility creep into African businesses – there is a need for more inclusive security policies. When the right policy is in place, we can start looking at techniques, such as better password protection and user education around changing passwords often and using hardened passwords. Other practices that will work well in Africa include improved network maintenance, encryption, better cloud security and more defined admin rights.”

Social awareness about cyber crime, especially as users flock to public services such as social media, is crucial. But there is also an opportunity in the growing demand for cyber security skills across Africa. As the continent’s users become more security-aware, and more of its professionals enter the cyber security world, Africa’s digital landscape will become safer. But for now, it remains a big target for criminals.

See also