Cybercriminals have revamped their strategies in order to target unsuspecting organizations, primarily posting ransomware, business email compromises, and data leakage threats to companies across Africa.
East African businesses have reported the most cyberattacks in Africa, indicating the growing dangers associated with sweeping digital transformation.
According to a report by the auditing firm KPMG, about three out of every ten firms in East Africa have been the targets of cyberattacks. The report looked at 300 companies, including both large corporations and small and medium-sized enterprises (SMEs).
The growing cyber attacks have been attributed to the rapid development and acceptance of digital technology across business sectors with little experience and awareness around technology and digital infrastructure.
According to the survey, about nine out of ten businesses in the region are either in the midst of a digital transformation or have already completed one, compared to 82 percent in West Africa.
KPMG's Africa Cyber Lead, John Anyanwu, stated that several economies on the continent have been able to overcome pandemic difficulties and the consequences of other shocks in order to enhance consumption and acceptance of digital technologies at a grassroots level.
However, fraudsters have changed their strategies to target unwary businesses, mostly by posting ransomware, business email compromise, and data leakage threats to businesses across the continent.
According to Anthony Muiyuro, cyber lead at KPMG East Africa, "Today, there is a lot more focus needed on not only minimizing threats but on the way organizations are built up to deal with them."
Even so, only 34% of companies with a strategy have independent cyber and information security functions. A quarter of businesses on the continent have yet to develop any kind of strategy to prevent or deal with cyber-attacks.
"This function ought to be a strategic priority that crosses all corporate divisions. As a result, creating a stand-alone information security function is hailed as a crucial success factor for established information risk management, "added Mr. Muiyuro.
Despite the fact that, with the exception of the Democratic Republic of the Congo, all countries in the region have established cyber security legislation requiring some form of information protection, only 77 percent of businesses in East Africa, where the threat is greatest, have well-defined and frequently reviewed cyber strategies.
African companies are still having difficulty developing plans and security operation centers due to budgetary restrictions and a lack of skilled workers.
More than two-thirds of African businesses report having difficulty finding and retaining skilled employees, despite the fact that 55% of them said they aim to hire cybersecurity specialists in the upcoming year.
According to a report published in 2022 by the International Systems Audit and Control Association, there are currently three million cyber security job openings worldwide that have not yet been filled. Within the next few years, this number is expected to increase to ten million.
An increase in security alert reports, difficulties organizing and analyzing associated data, and a lack of processes that are recorded are all issues that make it difficult for organizations to develop a cybersecurity strategy.
If African businesses want to compete on a global scale, they must invest more in cybersecurity. The majority of firms on the continent are still offline, making them vulnerable to attack whenever they go online. The majority of African companies run the risk of falling prey to online scammers with the emergence of the Metaverse, which is poised to take over the internet.