African nations have experienced a surge in cyberattacks targeting large enterprises in 2022, according to a report by pan-African technology group Liquid C2. Kenyan businesses reported an alarming 82% increase in cyberattacks, while South African and Zambian businesses recorded a 62% increase each. The primary methods used by cyberattackers were phishing or spam attacks, accounting for 61% of incidents, followed by compromised passwords at 48%.
Jess Parnell, vice president of security operations at Centripetal, believes that businesses in Kenya, South Africa, and Zambia have become attractive targets for cyberattackers due to their emerging economies and growing business sectors. These countries provide potential financial gains for cybercriminals through various cybercrime activities such as data theft, ransomware attacks, or financial fraud.
Anna Collard, security evangelist at KnowBe4 Africa, concurs and states that while most attacks are still opportunistic in nature, with ransomware gangs targeting compromised networks or credentials procured from access brokers, the focus on emerging economies is an emerging trend. She explains that ransomware-as-a-service groups are shifting their attention to these economies to distance themselves from potential US-based retaliation. Consequently, any economy with a higher cyber-dependency on the continent becomes an attractive target.
The Liquid C2 report also highlights a significant deficiency in the number of certified cybersecurity professionals in Africa, amounting to a growing gap of 100,000 individuals. Despite this shortfall, all respondents in the report indicated significant advancements in cloud and digital strategies, along with related cybersecurity capabilities. Additionally, 68% of businesses revealed that they had hired cybersecurity staff or partnered with cybersecurity teams over the past year. Among the surveyed nations, Kenya had the highest percentage at 82%, followed by South Africa at 63%, and Zambia at 62%.
Parnell emphasizes that cybersecurity investments and personnel alone do not guarantee protection against cyber threats. Cybercriminals constantly evolve their tactics, making it challenging for businesses to stay ahead. Therefore, organizations need to adopt a proactive approach to threat intelligence-powered cybersecurity and continuously update their defenses to mitigate risks. Implementing robust security measures, raising employee awareness about phishing, regularly updating software and systems, conducting vulnerability assessments, and promptly responding to security incidents are vital components of a multi-layered approach to defending against cyberattacks.
Klaus Schenk, senior vice president of security and threat research at Verimatrix, adds that increasing cybersecurity staff could inadvertently attract malicious actors who view it as a challenge or an opportunity to demonstrate their skills. However, Schenk asserts that the benefits of augmenting cybersecurity teams outweigh the risks. By strengthening cybersecurity capabilities, businesses can effectively mitigate the impact of cyberattacks and strive for a state where such attacks have no impact whatsoever.
In conclusion, cyberattacks on large enterprises in African nations have soared in 2022, particularly in Kenya, South Africa, and Zambia. The emergence of these economies and their growing business sectors make them attractive targets for cybercriminals seeking financial gain. While organizations are making significant strides in cloud and digital strategies, the shortage of certified cybersecurity professionals remains a concerning issue. Investing in cybersecurity measures and personnel is essential but not sufficient to combat cyber threats. A proactive and multi-layered approach, along with continual updates and employee awareness, is crucial to defend against cyberattacks effectively.