Kathy Gibson reports – As cyber attacks become more frequent, and more crippling, a massive shortage of cybersecurity skills is hampering Africa’s ability to meet the onslaught.
This is one of the troubling findings from “Elevating Africa’s Cyber Resilience”, a new whitepaper published by Cisco in collaboration with public policy consultancy Access Partnership, and the Centre for Human Rights at the University of Pretoria. The study analyses the cybersecurity landscape in Africa, with a focus on three key areas: people, technologies, and policy.
With just over 57 000 cybersecurity professionals, South Africa is massively under-resourced – but a lot better off than other African countries. Nigeria, for instance, has just 8 352 cybersecurity professionals.
These skills shortages are particularly prevalent in rural areas and among women, where digital literacy is still an issue.
Charmaine Houvet, senior director of government strategy and policy at Cisco Africa, points out that the study indicated that at least one-third of the continent remains unconnected, and close to 700-million are still digitally-illiterate.
“We have to find ways to partner and collaborate to make digitalisation a reality for African citizens,” she says.
Meanwhile, the continent is coming under increased pressure from cyberattacks. “Africa is one of the fastest-growing regions in the world for internet penetration and the use of mobile-based financial services, making it an increasingly attractive target for cybercriminals,” Houvet points out.
“Businesses and the public sector urgently need to increase cyber resilience to compete globally, change the continent’s economic path and attract investment.”
According to data cited in the study, cybercrime cost Africa more than 10% of its GDP in 2021, equating to roughly $4,12-billion in losses.
The frequency and complexity of cyberattacks have escalated, posing a substantial barrier to the continent’s socio-economic development. In the second quarter of 2023, Africa experienced its highest average number of weekly cyberattacks per organisation, reaching 2 164 attacks, a 23% increase from the same period in 2022.
Attacks in Africa mirror the global picture, where 2023 alone saw over 2 800 publicly disclosed data breaches, involving the theft of over 8,2-billion records.
The difference lies in how ready organisations are to meet these attacks. Cisco’s Index found that only 3% of African respondents fall into the “Mature” (ready) category. Worryingly, this is down from 15% in the previous study.
Compounding the complexity is the proliferation of cyberattacks which outpaces response mechanisms such as the development of robust regulatory frameworks and the cultivation of proficient human resources, to counter such threats.
The growth of cyberattacks outpaces the development of effective response mechanisms, including robust regulatory frameworks and the training and upskilling of defenders.
Sectors such as manufacturing and energy exhibit relatively higher percentages of proficient cyber skills, while financial services and public administration face acute demand due to regulatory scrutiny and frequent cyber-attacks.
Public and private sector collaboration is essential to closing this skills gap.
“Entities in the private sector can scale learning initiatives to improve career opportunities, boost employability and build the necessary skills required for jobs of the future,” says Houvet.
She points out that, in the last 25 years, Cisco invested over $180-million and educated more than 1,6-million students in digital and cybersecurity skills across the continent via its Networking Academy program. “In 2022, we pledged an additional $200 -million to be spent over the next decade to train 3-million more students in digital skills and cybersecurity in Africa.”
Houvet points to a finding from the study that a combination of people, digital skills and trusted technology is the key to addressing the increased volume and impact of cyberattacks.
The rapid development of technologies such as 5G, robotic process automation, and generative AI presents renewed opportunities for cybercrime. Cyber attackers target Africa’s critical infrastructure, using advanced techniques like AI for sophisticated attacks.
Common vulnerabilities include malware, social engineering, and credential compromise. Ninety-four percent of South African organisations reported being targeted by phishing attacks in 2023, highlighting the need to build cybersecurity resilience and deploy advanced cybersecurity technologies.
These include encryption and cryptography, security information and event management (SIEM) systems, and cloud computing. AI and machine learning (ML) technologies are becoming more sophisticated, and even blockchain is being employed to enhance security.
When it comes to policy, 39 of 54 African nations have implemented cybersecurity legislation. However, with the increase of inter-African trade and travel, there is a growing need for a more harmonised approach.
The study urges governments to collaborate to develop, review, and update comprehensive legislation to address new and emerging cybersecurity issues, including the protection of vulnerable and marginalised groups. Initiatives such as the adoption of the Malabo Convention and the AU’s Continental Cybersecurity Strategy are positive steps forward.
“Unlocking Africa’s potential hinges on securing its digital transformation,” says Houvet. “Every African economy, irrespective of its stage of growth, must strengthen its security resilience: protect every aspect of their business, withstand unpredictable threats and emerge stronger. Now is the time for decisive action.”