Intelligent CIO Africa Issue 6 - Page 76

EDITOR’S QUESTION

DINESH OP, TECHNICAL MANAGER FOR AFRICA AT SIEMON

Africa at large is experiencing a tremendous technological boom and in turn, a growing and ever-evolving threat to cybersecurity. It is therefore imperative that as much as possible is done to mitigate the dangers posed, which is why the Internet Infrastructure Security Guidelines for Africa should be welcomed. Recommendations by the African Union Commission in collaboration with Internet Society suggest critical actions must be taken by various stakeholders involved in Internet governance and development across the continent.

There can be no understating the importance of the Internet in helping to achieve socio-economic development in Africa – something that is recognised by governments, financial institutions and development partners. As well as being a key driver for innovation and social wellbeing, it is a source of economic growth and organisations are increasingly reliant upon it for trade.

Yet although Africa has made significant progress in developing its online infrastructure in the past decade, compared to other parts of the world penetration in Africa is low, with only 25.1% of Africans having Internet access, according to ITU ICT Facts and Figures 2016.

As an Indian, I saw how fast the Internet developed in my homeland 15 years or so ago, and having since worked in the Middle East and, for the last seven years, in Africa, I know how quickly its use can spread with the correct infrastructure in place.

However, despite double-digit growth in Internet penetration across Africa over the past 10 years, progress could be stifled due to a shortage of skilled human resources, limited financial investment, poor levels of awareness of cybersecurity issues and a general lack of knowledge about the risks involved in the use of information and communication technology (ICT).

The 2015 Deloitte Global Threat Index found that out of 127 countries investigated, Kenya was ranked the 69th most vulnerable, while Symantec observed 24 million malware incidents targeting Africa in 2016. The Internet of things (IoT) could also compound the issue, with the number and variety of connected devices growing exponentially across Africa.

The Internet Infrastructure Security Guidelines for Africa are a proactive step towards improving cybersecurity and organisations will only benefit from their introduction. However, their success will also depend on whether they are adopted across all borders and regions. Technology-based solutions for the prevention and detection of cyberattacks must be accompanied by cross-border collaboration in order to be effective. Put simply, with the Internet becoming a critical component of Africa’s growth, cybersecurity is vital and cannot be ensured without the collaboration of all stakeholders.

TEDDY NJOROGE, COUNTRY MANAGER ESET EAST AFRICA

Unfortunately, Africa suffers from a serious ‘implementation’ issue: African policies often over-promise and under-deliver. This is due to the lack of implementation mechanisms present in the latter policies as well as the political indifference surrounding these policies. Incumbent governments have little incentive to implement regional policies as, other than for the sake of development and better governance, there exists little political pressure to spearhead and implement the guidelines outlined in this article. A prime example of this would be the ratification and adoption of the African Union’s Convention on Cybersecurity and Personal Data Protection. The latter has been ratified and adopted by fewer than fifteen States of the total 54 African nations which comprise the African Union.

Cybersecurity awareness remains a major gap in the implementation of these guidelines; African nations have not invested enough in the cybersecurity of their own bodies. A significant percentage of parastatals and other governmental bodies still run on legacy software and applications. This makes them especially vulnerable to next-generational ransomware attacks, such as Petya and WannaCry. Due to government’s failure to lead by example, a significant percentage of the African digital economy fails to fully appreciate the advent of advanced persistent threats in Africa. This was highlighted by Serianu’s Tanzanian Cybersecurity Report, which reported an alarming 98% lack of awareness figure for the East African Republic of Tanzania, which lost a huge $85m to cybercrime in 2016. Thus, implementation of the guidelines requires a revision of the African consciousness regarding the subject of cybersecurity, through initiatives spearheaded by the government with the assistance of multiple stakeholders as outlined by the guidelines.

African Nations will eventually adopt these guidelines due to the continued growth of the Internet in the continent. The proliferation of the Internet and cloud-based services within Africa has had the effect of exponentially increasing the number of Africans online. In order for the continued use of the Internet within our continent to remain sustainable, it is essential for governments to legislate and necessitate the adoption of essential security practices.

A prime example of this would be the adoption of secure protocols which should be used in products and services supporting Internet infrastructure. For instance, TLS (transport layer security) is a cryptographic protocol that should be employed to protect web services. TLS encrypts data exchanged in an HTTP transaction and cryptographically identifies one or more of the parties engaged in a transaction. Privacy and identity are fundamental elements of secure Internet infrastructure. Governments need to necessitate this as a minimum standard for the provision of digital services for their citizens, to guarantee the safety of their privacy and consumer rights.

Internet Exchange Points should also be aptly implemented to facilitate cross-border Internet connectivity, as it enhances regional connectivity even further. Governments should promote the use of IXPs and increased cooperation and connectivity between different African networks. IXPs limit the scope of cyberattacks and improve the total Internet security resilience of these areas.