June 15, 2021

Africa under threat of “digital chaos”

A “Digital chaos”. This is the threat hanging over an Africa increasingly interconnected but lagging behind in the area of ​​computer security. This alarming finding was unanimous among the participants of the first Cyber ​​Africa Forum, an event bringing together African and international cybersecurity experts, Monday, June 7 in Abidjan.

In recent years, digital technology has grown by leaps and bounds on the continent. The best example concerns the financial services sector, where many African countries have moved directly from cash to mobile payment. But cybersecurity remains the poor relation of this transformation. Poor infrastructure, lack of skills and lack of awareness among businesses and users make Africa particularly vulnerable to cyber attacks.

Read also In Ivory Coast, cyber-scammers are reinventing themselves with new technologies

“Digitizing without protecting is dangerous”, hammered Monday Roger Adom, the Ivorian minister of the digital economy. For this former “Mr. Tech” of the Orange group in Côte d’Ivoire, institutions and companies in his country as well as in the sub-region are facing a “Major challenge”. In ten years of existence, he recalled, the incident center of Côte d’Ivoire has quantified the cost of cybercrime for the country’s economy at 20 billion CFA francs (about 30.5 million francs euros).

Teleworking increases the risks

On a continent-wide scale, this loss was estimated at 3.5 billion dollars in 2017 (around 2.9 billion euros at the time) in a study published by the pan-African cybersecurity firm Serianu. A major prejudice that increasingly worries policy makers and private sector leaders. Because cybercriminal organizations no longer have much to do with the archaic image of Ivorian “grazers” and Nigerian “Yahoo boys” of the 2000s, authors of scams (to feeling) and small ransoms on the Web. Today, attacks are carried out by prowled individuals and organized entities.

In September 2020, cybersecurity software publisher Kaspersky indicated that Africa had been the target of 28 million cyber attacks between January and August 2020. The Covid-19 pandemic has increased the risks. In a study of 211 large companies based in eleven French-speaking African countries and unveiled Monday, the consulting firm Deloitte reveals that 40% of them have known “An increase in the number of incidents” since 2020. In question, the “Even greater attack surface”, a consequence of teleworking, to which 92% of the companies questioned indicated that they had used partially or totally since the start of the health crisis.

Read also The new African “cyber scams”

While all sectors of activity are targeted, “Cyber ​​attacks are mainly focused on the financial sector and sectors of vital or critical importance, such as water, energy and telecommunications”, because they are more interconnected than before, specifies Dhia Hachicha, director at Deloitte and co-editor of the study. And it might go crescendo, he recalls, as energy networks shift to « smart grid », a model digitizing electricity distribution.

The proliferation and sophistication of attacks requires the development of a culture of cybersecurity. However, according to the Deloitte study, two thirds of African companies surveyed spend less than 200,000 euros per year on this subject. Low budgets, most of which are allocated to infrastructure, without real investment in the crucial area of “Data security”, Indian Dhia Hachicha. “The level of cybersecurity on the continent is improving, he concedes, but not at the same rate as elsewhere in the world. “ According to him, the level of maturity in cybersecurity is ” most important “ in English-speaking Africa, due to“Older and more deployed connectivity”.

“Convert and recruit grazers”

On the side of the authorities, the taking into account of digital risk is progressing slowly. Nationally, most states have adopted a legal arsenal to govern cyberspace and crack down on crime. But the continental initiatives are already old and little followed. Adopted in 2014, the African Union Convention on Cybersecurity and the Protection of Personal Data – called the “Malabo Convention” – “Has only been signed by 18 countries and ratified by eight”, sighs Adnane Ben Halima, vice-president in charge of public relations of the telecoms company Huawei Northern Africa.

Read also In Senegal, a center to train Africans in cybersecurity

The challenge is also the training of new skills in this field. Because human capital is lacking, especially in French-speaking Africa, where the market is forced to recruit abroad, at a high price. Provocateur, Charles Kié, co-founder of the investment company New African Capital Partners and a keen connoisseur of the issue, suggested “Convert and recruit grazers”, like what did “The United States and Russia”. To date, training initiatives, particularly in Dakar, are floundering, and universities have not yet integrated cybernetic skills needs into their curriculum.

By bringing together personalities from the public and private sectors around cybersecurity issues, Franck Kié, the commissioner general of the Cyber ​​Africa Forum, hopes that“A global vision can emerge from this ecosystem”. And to convince the most reluctant to take an interest in it, the young man reminds us that if cybercrime has a cost, it also offers opportunities: according to the Africa Cyber ​​Security Market organization, the African cybersecurity market continues to grow. and would have increased from 1.33 to more than 2.32 billion euros between 2017 and 2020.