The Growing Digital Economy Demands An Improved Cybersecurity Focus In Africa

With the world growing increasingly digital, cybersecurity has become as important as physical security, if not more important. Facets of human life, from finance to healthcare, have become inextricably tied to cyberspace. In the same vein, in Africa, the digital economy is rapidly expanding along with internet usage- the continent has the fastest growing telephone and Internet networks worldwide.

Yet, several stakeholders have raised concerns about cybersecurity across the continent. According to Interpol, more than 90% of businesses on the continent operate with inadequate cybersecurity measures.

In this interview, Lanre Ogungbe, CEO of Prembly, the parent company of YC-backed IdentityPass, shares his perspective on cybersecurity issues on the continent. Identitypass has processed millions of identity checks across thirty African countries and constantly helps businesses operating on the continent prevent cyber fraud. 

How would you assess cybersecurity in Africa? What would you consider the continent’s core strengths and weaknesses, if any?

Africa faces as many cyberattacks as many other regions. In my opinion, the major difference is we are not as preventive as we should be, so many companies only take cyber attacks seriously when a breach has been detected. 

There are many ways to assess the issue: incidents or the amount lost. Unfortunately, many things are underreported because companies or individuals are not mandated to report incidences often, unlike some countries outside of the region, so we can only base assessment on a few data points and daily events. 

The region’s strength is really in the laws and policies on cybercrime. I can’t tell about the implementation side of things, but some laws and regulations govern cyber events.

One of our biggest weaknesses is not intentionally investing in cyber security infrastructure. These infrastructures could range from basic amenities that will see us having our own numerous data centers to having adequate personnel who understand the regional context and how it contributes to cyber security.

Can you briefly highlight ways that cybersecurity affects economic activities in Africa from your perspective?

Many economic events are moving online faster than anticipated in Africa. Phone and internet penetration are springing up a lot of new business, established enterprises are exploring more ways to serve people online, and many govt agencies are trying to computerize their manual processes faster than before. And while these are great, fraud events and cybercrime are increasing. 

Sadly, it’s a cycle. The higher the rates of cyberattacks, the more it creates friction to limit the growing adoption of technology. And when people keep getting resistant to technology adoption, how will you convince them about ‘online shopping,’ for instance?

So cybersecurity activities are a big part of many economic events on the continent. For example, almost every day, you’ll come across bank customers complaining about unapproved debits from their traditional banks or unapproved account creation with a neo-bank. Or you see spam/fraudulent emails/texts from unknown numbers trying to steal victim details – most bank complaints are about unauthorized activity, and tracking is complex.

What role should governments across the continent play in improving cybersecurity, and how would you gauge their involvement?

Governments should take cybersecurity as seriously as physical security. Weak cyberspace doesn’t only affect economic activities but can impact people’s well-being while using the internet around the continent. 

Policymakers and advisors have a significant role in securing the region’s internet space. And there is no killer switch for this. Instead, it takes a continuous and intentional implementation of the right policies, recognition of some superior technologies, building technology transfer systems and encouraging more private players to invest in the sector.

I will say the government should begin by auditing existing systems and the infrastructure many agencies use today and then move towards bringing in private players to constantly advise on the direction of cyber protection for their citizens.

Again, gauging the government’s seriousness on topics like this is challenging as there is no precise data index on implementing the laws that govern each country’s internet.

In many advanced jurisdictions (outside Africa), some laws mandate companies to report cyber attacks that cause high data damage. However, to my knowledge, only a few African countries have similar regulations. I do not say we should duplicate foreign laws, but tracking such incidences, the nature of attacks, and occurrences are crucial so we can create solutions to prevent the next one.

Another way to gauge the government’s interest in cyber security is by looking at the number of government educational institutions administering a world-class cyber program with an updated curriculum on attacks, prevention, and incidence recovery. Unfortunately, most cyber experts I’ve met needed to do some certification or personal training from Europe / America. Learning from these countries isn’t a problem, but when would we understand the local cyber crime context and how to mitigate against them if our learnings are ‘foreign’? If a country’s government doesn’t invest in the proper education, it says a lot about priorities.

What role should the private sector play, and to what extent are African businesses doing their part?

Most often, businesses are the cybercrime target, so their role should be in; joint security framework/architecture buildup, data sharing synergies, and joint investment in cyber security across the continent. Most finance, e-commerce, and utility businesses are doing amazing work already. 

In terms of innovation, what, in your opinion, should be prioritized?

We can’t pinpoint which innovation should be prioritized across the continent as different countries are in various stages and have different interests. Also, incidences vary.

But largely, innovation should be ignited by how fast a sector grows. The continent is seeing more financial inclusion, and innovation to aid more safety in our financial services should be a priority.

Many counties are seeing more installations of trains, electricity, etc. – innovations to protect such national utilities should be prioritized.

Phone and internet adoption are increasing. So innovation should also focus on protecting data, file transfer, internet usage, and internet facilities.

There appears to be a shortage of cybersecurity professionals across Africa; in what ways do you imagine the continent can address this shortage?

By investing in its education. It’s not simple, but I think we need to give that our best shot. If we don’t invest in education, how do we get professionals? And if governments can’t support due to limited budgets, there should be tax breaks or incentives for private companies willing to invest in training people.

What role does Identitypass play in cybersecurity across the continent?

We play a major role in identity theft prevention, authentication of transactions, and transaction monitoring. Unfortunately, of the many cyber crimes, identity theft is the most common and rampant in all sectors. 

Every day, we stop the bad guys from accessing other people’s bank accounts, ride-sharing accounts, or insurance profiles, and we see so many fraud attempts. 

The most challenging part of our work is ensuring fraudulent activities do not reoccur. Recently we launched our intelligence solution that monitors financial transactions for many of our customers as we’ve created well-tailored monitoring rules that combine local types with international ones. There are many monitoring rules that financial services in countries outside of the continent have developed to track down fraud; for Africa, we are currently in the ‘rules buildup stage.’

Comments are closed.