Bethwel Opil, Kaspersky Lab

A recent rise in technology developments in regions like Nairobi, Kenya has brought about the need for an increase in IT security awareness in Africa.

According to channel sales manager for East Africa at Kaspersky Lab" rel=tag>Kaspersky Lab, Bethwel Opil, the state of security across the African continent remains a concern, given the current socio and economic conditions, like infrastructure and education, which add to the complexity of information security. “Take, for example, the recent ‘Red October’ virus, which was designed to steal information from governments and embassies. Kenya was, in fact, one of the five African countries that fell victim to this virus. Additionally, the global cyber security network stated that attackers of this virus actually targeted countries they perceived as vulnerable in terms of inadequate security measures to protect their data online.”

So the reality is, he continues, Africa remains vulnerable and action needs to be taken to increase the awareness among business and consumers alike around the need to correctly secure information online. “The KPMG Africa Fraud Barometer Report has also supported this requirement, where its findings indicated that the country in Africa with the highest value rate of fraud and cyber crime is Nigeria, at an estimated value of $1.5 billion.”

Samresh Ramjith, senior manager of security at Accenture, says IT as a whole is still nascent in the African landscape. “However, rapid strides are being made to leverage the proliferation of mobile communications, emerging broadband and international connectivity, in order to provide digital channels to emerging African markets. Many African states are simply leapfrogging into the 21st century by adopting and deploying ‘new’ computing paradigms, such as mobility and cloud computing, as their replacement for legacy infrastructure.”

As with any new or emerging technology area, he continues, many of the inherent risks remain latent until mass adoption occurs. “This means that unless information security is being considered as part of the adoption of these new computing paradigms, it is very likely that African organisations will become the new targets for cyber attacks. Emerging Africa needs to be cognisant of the inherent risks in this brave, new digital world, and use the opportunity to adopt a strong information security framework and strategy to defend against cyber attacks while embracing the promise of a technologically-enabled society.”

Andy Travers, VP of sales in UK, Ireland & Sub-Saharan Africa for F5, states certain industries – banking, for instance – in Africa have been dealing with information security threats for a considerable time, so in that sense there is an awareness of and ability to counter threats to data integrity. “As the Internet takes hold and connectivity improves in more industries and for more individuals, knowledge gaps will begin to appear that will inevitably be targeted by cyber criminals,” he says.

Limited connectivity had made Africa a less tempting target for cyber attacks in recent years, he says, but this is no longer the case as the continent becomes increasingly reliant on technology.

INCREASE IN MALWARE

Samresh Ramjith, Accenture

According to Opil, as with any emerging market, when there is an increase in Internet and bandwidth and where broadband becomes more readily available, it is closely followed by an increase in viruses and malware. “Certainly, Africa is no different,” he says. “Over the last few years, bandwidth access to the continent has increased, and so too has the opportunity for cyber criminals – who explore unsuspecting users from a business and consumer perspective with the hope that emerging nations do not fully understand all the requirements of keeping their online data protected. However, this is exactly why Kaspersky Lab has established a presence in Kenya – to ensure we remain vigilant in educating all users as to the tools and solutions available both for PCs, mobile and corporate networks to safeguard their data.”

Says Ramjith: “A direct comparison of information security between different emerging markets is fundamentally quite difficult, given the vastly varying sociopolitical and legal environments that prevail in different environments.”

However, as a broad generalisation, the emerging markets that are exposed to greater global operations and competition tend to take information security more seriously, he explains. “This means that we can expect to see some industries on par with other emerging markets (financial services, telecommunications), while other sectors may be lagging behind, unless they have strong motivation to factor information security into their initiatives.”

CHALLENGES

In many respects, information security challenges are the great equaliser globally, according to Ramjith. “Defining, planning, implementing and maintaining a coherent, effective security management programme is a challenge faced by organisations globally, not just in emerging markets. The challenge for emerging markets is generally the speed of adoption of technology, and the level and availability of skilled information security specialists familiar with global challenges and effective solutions, in order to integrate security good practices as an integral underpinning of technology adoption. Identifying risks and then formulating effective risk management strategies can be a time-consuming and inaccurate effort, unless experienced risk managers are involved to balance the qualitative nature of risk management with quantitative risk baselines.”

He believes the African landscape faces unique challenges in terms of the diversity of operating conditions and environments that vary greatly not only from country to country, but sometimes within countries as well. “This diversity adds a new dimension to information security awareness, especially when one considers that access to the Internet is still a fairly recent development on much of the African continent. One of the uniquely African challenges is the lack of a strong regulatory framework and enforcement body to provide baseline prescriptive information security guidance, based on identified African risks. Without clear information security regulations, there is a very real risk of varying ‘standards’ being implemented by organisations even within the same industry, which could lead to anomalies, eg, in the collection of evidence during a fraud investigation,” he says.

From a security point of view, Opil explains, challenges lie in increased mobility. “Africa, as a continent, has witnessed the largest growth in mobile connectivity in comparison to any other continent, according to SouthAfrica. info.”

The report states: “The mobile industry could fuel the growth of 14.9 million new jobs in the region between 2015 and 2020.”

“While certainly this is an incredible growth rate for the further development of the economy, and of course, productivity for businesses as mobility continues to grow, it also has an implication on security,” says Opil.

From the enterprise perspective, explains Travers, the primary concern is probably around threats to Web services. “The types of threat characterised by the WikiLeaks attacks of 2012 – that is to say, massive DDOS attacks – have emerged as a major concern in Africa. The scale of attack needed to take down sites in Africa is generally far lower than in other parts of the world, so this type of attack, especially when you consider the prevalence of unsecured botnets in the region that can be used in a DDOS attack, is an area that needs addressing,” he says.

“Sheer geographical spread means that services such as online banking are widely used and therefore need to be secured, so mobile and transactional security is a defining characteristic,” Travers continues. “On a more geopolitical scale, the somewhat unstable nature of some parts of the region may contribute as an attack driver. As we’ve seen in other parts of the world, cyber attacks are increasingly a part of the repertoire of organisations that are more traditionally associated with physical security threats – like terrorist groups.”

However, says Travers, the biggest challenge emerging parts of the world face, especially in security, is the type of knowledge and expertise that is generally only built on hard-won experience of being exposed to the myriad attacks that are a day-to-day concern for, say, the security team at a major bank in SA. “Security vendors, especially those with a global footprint, will know what is likely to affect the African market in future, as they will have direct experience of other parts of the world that are a little further down the line. So the opportunity for vendors is to educate and become trusted partners for enterprises in Africa as the market develops.”

As previously mentioned, mobility in Africa is growing at an alarming rate, explains Opil. “This provides huge opportunity for security vendors to provide protection from hackers breaking into organisations’ servers through employers’ phones or stealing consumers’ personal information. Hackers are aware of all this influx of mobile technology in Africa, and that organisations and consumers are vulnerable and uneducated on the importance of providing security for their mobile phones,” he says.