A Continent Vulnerable: Ignorance, Resource Constraints, Or Framework Gaps?

It is all of the above!

A recent cybersecurity report on the Civic Society Industry (CSO) in Africa paints a concerning picture, likely reflecting the broader state of cybersecurity across the continent. While the WASCI 2024 report focuses on a specific sector, its findings suggest a troubling reality for many organisations in Africa.

The report highlights a critical issue: despite the existence of cybersecurity frameworks in many African countries, a lack of awareness, training, and resources is leaving organisations dangerously exposed. This raises a crucial question: are these vulnerabilities due to shortcomings in the frameworks themselves, or is it primarily a resource problem?

The Paradox: Frameworks or Awareness?

The report suggests a combination of factors. While gaps in frameworks might exist, a more concerning factor might be a simple lack of awareness. A staggering 45% of organisations are unaware of the cybersecurity laws they’re supposed to follow, highlighting the urgent need for education and awareness campaigns. Building capacity through training programs can empower organisations to understand and implement best practices. Only 30% of these organisations report participating in digital security programs, leaving a significant knowledge gap.

Ignorance Breeds Vulnerability

Resource Constraints Hinder Security

Resource limitations, particularly for small and medium-sized businesses (SMEs), often lead to prioritising growth over security. With only 12% allocating an information security budget, this short-sighted approach can be devastating. A single successful cyberattack can cripple a company, wiping out the gains from unfettered growth. The lack of dedicated security units further exacerbates the impact of such attacks.

There is also a gap between foreign and local companies. Foreign organisations, likely adhering to stricter internal policies from their home countries, appear better equipped to handle cyberattacks. Local companies, on the other hand, often lack these robust practices and become easier targets, aligning with the finding that only 23.6% of CSOs have proper computer and information security policies in place.

A Flawed Approach: ill-Suited Frameworks

While frameworks are important, a critical shortcoming is the practice of adopting foreign cybersecurity policies without considering Africa’s specific context. These policies, designed for developed nations, often come with hefty fines that can disproportionately burden African businesses. This can turn cybersecurity and data protection from essential safeguards into hindrances.

Essential Measures Overlooked

Furthermore, the report highlights the neglect of essential security measures like Virtual Private Networks (VPNs). While over 90% of organisations rely on strong passwords and MFA, their digital security ends here with only 20% utilising VPNs, a fundamental tool for securing remote access, especially on public Wi-Fi. This highlights the need for educational campaigns that emphasise not just password security but also the importance of using VPNs to protect data on unsecured networks.

A Call to Action: A Multi-Pronged Approach

With this state of digital security, there is a critical need for a multi-pronged approach:

By addressing these issues, Africa can move towards a future where robust cybersecurity practices become the norm, not the exception. This will foster a more secure digital environment for businesses and citizens alike.

Our Collective Responsibility

Therefore, we need changes at the organisational and national levels. Each one of us has a duty:

The cybersecurity crisis in Africa demands a collective effort. By working together, we can improve awareness, build capacity, and foster a more secure digital future for the continent.

References.

West Africa Civil Society Institute (WACSI). (2024). Landscape Mapping of Civil Society Digital Security in West Africa. Retrieved from https://wacsi.org/wacsi-launches-new-report-on-the-state-of-digital-security-in-west-africas-civic-space/

Ifeanyi-Ajufo, N. (2024, February). The AU took important action on cybersecurity at its 2024 summit — but more is needed. Chatham House. Retrieved from https://www.chathamhouse.org/2024/02/au-took-important-action-cybersecurity-its-2024-summit-more-needed

Serianu. (2023). Africa Cybersecurity Report Kenya, 2023. Retrieved from https://www.serianu.com/downloads/KenyaCyberSecurityReport2023.pdf