Africa

INTERNET PENETRATION

To understand the cyberthreat in Africa, one of the most significant contextual trends is the exponential growth of Internet penetration in the various countries. From 2000 to 2021, the African population increased by almost 68%, from 817.67 million in 2000 to 1,373.49 million in 2021. Over the same period, the number of Internet users rose from 4.51 million to 590.3 million, an increase of 12,988.7% 1,2,3,4,5. In 2021, Internet penetration in Africa extended to 43% of the population, or almost one in two people. This figure is 78 times higher than 20 years ago. Africa today is modern and connected.

​

DEMOGRAPHIC STRUCTURE

Added to this hugely important factor, the population is very young and receptive to digital tools, especially mobile devices. According to United Nations forecasts, Africa’s median age is expected to rise by five years by 2050 and the population is expected to grow by almost 1.15 billion.

In 30 years, Africa will be home to 1.2 billion people under the age of 25, which means that the use of digital tools will continue to grow at an even faster rate. In addition, the increase in the median age by just over five years, coupled with the increase in per capita living standards by 2050, will also lead to a diversification and increase in the use of digital media. Inevitably, the higher Internet penetration rate will spell an upsurge in the number of interconnections and, as a result, a greater vulnerability and threat surface. The implication in terms of cyberthreats is directly apparent, but it is probably still underestimated. On the issue of mobile phones, for example, Symantec observed in 20167 a considerable growth in the number of malwares directed at the Android operating system, which represents 89% of the smartphone market in Africa. In Nigeria alone, one smartphone in seven was infected by malware in 2016, and by 2019 they were 184.6 million mobile subscribers in the country.

​

​

This dual dynamic of a rapidly expanding vulnerability surface and the persistence of critical cybersecurity and cyberdefence issues has an impact on the level of cyberthreat observed across the African continent.

EXAMPLE OF LIBERIA IN 2016

In October 2016, Liberia suffered a massive DDoS (distributed denial of service) attack, which caused all banking transactions to be suspended for half the country10. Over half a million security cameras around the world simultaneously attempted to connect to the servers used by Lonestar Cell MTN,11 the country’s largest telecommunications company, leading to an extended service outage.

EXAMPLE OF SOUTH AFRICA IN 2019

in July 2019, the City of Johannesburg fell victim to a devastating ransomware attack12. The operators of the malware, the Shadow Kill Hackers, targeted City Power, the city’s main power company, forcing the authorities to shut down the city’s website, e-services platform and billing system13. Electricity was also cut off for several hours in the city.

EXAMPLE OF ETHIOPIA IN 2020

In June 2020, 13 official Ethiopian government websites were affected by a cyberattack by the Cyber_Horus Group. The hackers, whose Egyptian origin seems to be established, left several nationalist messages denouncing the filling of the Renaissance Dam on the Nile, reflecting the significant geopolitical tension between Egypt and Ethiopia.

​The contextual issue for understanding the cyberthreat in Africa is not simply the exponential increase in digital technology across the continent. In reality, the problem also lies in the imbalance between this increase and the status of cybersecurity and cyberdefence in the societies concerned.

LACK OF CYBER EXPERTS

his imbalance is mainly due to three co-constituent factors. First, it is a human problem, which does not only concern the African continent. In Africa, an additional 100,000 cybersecurity experts are needed in order to respond to the current challenges. And the trends we have discussed will further increase this need.

POOR VISIBILITY OF THE NUMBER OF SECURITY INCIDENTS

There is also a cultural issue in cybersecurity in terms of reporting and fixing security incidents. Some 96% of incidents are not reported or resolved, which means that the level of cyberthreat in Africa is likely to be much higher than we know.

LEGAL AND STRATEGIC ARMOURY UNDER CONSTRUCTION

Most African countries have not yet, or have not sufficiently, structured their legal armoury to deal with the cyberthreat. In 2016, it was estimated that over 40 countries across the entire continent had not or had only partially implemented specific legal provisions to address the challenges of cybercrime and oversee the gathering of electronic evidence17. It should also be noted that only 15 African countries have a national cybersecurity strategy in place.

Africa is destined to become one of the geographic parts of the world where the cyber issue will be the most decisive factor for the future of societies and organisations. Already, the continent’s colossal trends are fuelling a strategically important yet unsuspected cyberthreat. These trends include the exponentially increasing Internet penetration across society and industry (up 12,988.7% in 20 years), the demographic structure of these societies (1.2 billion people under 25 by 2050) and the rapidly growing popularity of digital tools. At the same time, 96% of security incidents are unknown or unreported and decisive attacks are already affecting the continent, as we have seen in Ethiopia, South Africa and Liberia. These trends will obviously continue to create huge issues and challenges, yet a mismatch is already apparent when we consider the structure of cybersecurity and cyberdefence across the continent. Three challenges need to be met, namely the training of the population to create cyber experts, the visibility of incidents and a clearly defined legal and strategic framework to address the cyberthreat.