Cybersecurity In Africa.
Let us look into the trend of cybersecurity in Africa in the past few years. How far has the Africa Region gone? Can we say the trends and reports from the Africa continent is encouraging or we still have more to do? To answer some of these questions and many more, I will be making use of some internationally recognized reports to back this.
In the race to global catch-up, social and economic development, many African countries are now embracing ICT as a key enabler. Considering the power that comes with digital transformation and how it can better the life of their citizen and its multiplicity effect on the nation in the long term. To make all of these realities, the governments must pay proper attention to the call of cybersecurity as a key integral part of the technological growth.
Going down the lane in Africa, we have seen how much the continent has lost to cybercrimes in the past years and how much it continues to lose. As reported by “Serianu“, cybercrime cost African economies an estimate of $3.5 billion in 2017.
The case of Nigeria whose estimate is at $649 million annually, follow by Kenya at an estimate of $210 million annually and then South Africa with an estimate of $157 million annually. If this huge amount is been lost annually, what has been the reactions of countries on the continent in the wake of this reality? Are we making decisions in fear or based on an inform decision? We are going to see in a moment as we move forward.
I am going to be taking us through pictures of the heat maps extracted from the ITU’s Global Cybersecurity Index (GCI) Report Document for the year 2017 and 2018. Also, I will be presenting us with some questions about the map, and the notion of this write up is to address the questions in the long term and to see how true the reports have reflected our reality.
First, we have some terms we need to understand before we proceed, what is the concept behind this report that ITU always releases yearly? And what is the goal of the report?
Global Cybersecurity Index.
Cybersecurity Global Index is a survey that measures the commitment of member states to cybersecurity in other to raise awareness. The GCI revolves around the ITU Global Cybersecurity Agenda (GCA) developed in 2007 and its five pillars (Legal, Technical, Organizational, Capacity building, and Cooperation).
To monitor the commitment of the 193 ITU Member states and the State of Palestine, the GCI uses 25 indicators in its benchmark measure. You can read more about the methodology used to produce the GCI by downloading them here. The GCI Pillars and its sub-pillars are indicated in the image below.
Having understood the ITU GCI and all it entails, the first heat map that appears below is that of the year 2017. RED indicates countries in their Initiating stage, YELLOW indicates countries in the Maturing stage, and GREEN indicates countries in the Leading stage.
With a glance through the map, some questions might be running through our minds, but what is important here is how we react to those questions and the steps we took afterward. Some of the suggested questions are;
Possible Questions as Regards the Heat Map
What does that map represent?
What information can you deduce from the map?
What impressions does the map create in your mind?
What latent information does the map give at first look?
How does this map affect Africa?
Taking a closer look at Africa Region on the map and comparing it to what is happening in other regions of the world will influence what we are seeing on the maps and how to present answers to the question running through our minds.
On our first attempt to answer these questions, we might have the following as answers and more.
My first thoughts were:
- Africa the bad guy!
- I can see the problems in Africa.
- Africa is doing bad somehow.
- Comparison among countries of the world.
- Weakness in Africa.
- Nothing Is ever good about Africa.
- Can’t Africa look Green Too! Why Red everywhere?
if we refused to look inward, we might end up answering with the sole aim of comparison.
On a second attempt, we can have a deep look beyond the negativity this might have to represent and look out for opportunities therein:
- An Opportunity for us to go green
- A huge market yet to be tap
- Comparison of some sort.
- Africa, the guy with Potential
- Green was once Red!
The answers we have in our second attempts are exactly what the ITU want Governments of African countries to see and take actions on improving on them.
ITU GCI Reports for the Year 2017 and 2018.
Following the ITU’s GCI reports for the year 2017 and 2018, what has been the ranking of countries from the Africa Region, and what has been the improvement so far.
For the year 2017, we have the following GCI score showing the five (5) leading countries in terms of commitment to cybersecurity. Lead by Mauritius and Nigeria placed 4th in the Africa Region and 46th in Global Ranking.
Taking this report from a global perspective, we see Mauritius from Africa placing 6th in the world in terms of commitment.
For the year 2018, let us take a look at what has changed in the Africa Region,
Mauritius has dropped from the first ten (10) to the first twenty (20) in the Global ranking of 2018 as it now maintains the 14th position. Nigeria has dropped from the 4th position to the 5th position in the Africa Regional Rank in 2018 and dropped from 46th to 57th in the Global Rank.
We should not see the report as a competition for just to better our ranking year in year out instead we should look inward at the objective of the GCI which is to help countries identify areas for improvement in the field of cybersecurity, as well as to motivate them to take action to improve their ranking, thus helping raise the overall level of commitment to cybersecurity worldwide.
Considering our understanding of the ITU’s GCI Reports on Africa Region and having two attempts to answer questions that arose from looking at the map. We need to elaborate more on what will happen if we take actions using any of those attempts.
Actions from the First Attempt.
Based on the first attempt(first thought), there are action that might be taken.This include:
This information is intended to push most governments of African countries to bring down foreign expertise to help in building a National Cybersecurity Plan and a whole lot of technologies (to be imported and installed) that will improve their ratings regardless of whether the real security is provided or not.
Creating Unnecessary Economic Advantage
Many Cybersecurity companies from abroad (North America, Europe, and Asia) will start flying down to Africa to set up their businesses, leveraging on the facts behind the ITU reports which Africans cannot see, targeting the huge business opportunities as shown on the map.
The objective of those nations in the good ranking today is not to be in the leading stage of one ITU GCI ranking or other reports but to have the utmost protection (humanly and technologically possible) for their citizens as they transact in the unpredictable cyberspace and to protect their nations against cyber-attacks at large.
Technologies for People Without Processes
Most of what the governments of African countries do is to, copy solutions from the developed countries that end up not working because most at the time we only copy the technologies, leaving the processes behind. The processes are the most important of it all. They are the framework through which those technologies interact with the people for their overall effectiveness.
Actions from the Second Attempt
National Cybersecurity Plan and other policies should be developed with a wider scope that will be able to contain the ever-dynamic Cyberspace complexities. Such results can provide the real security needed by the citizen and not just feeling.
Creating Necessary Economic Advantage
The cybersecurity market will be harness to improve our economy. It’s a potential market that the government can help build and ensure the dominance of her citizen in such a market. Job creations which turn to help reduce unemployment.
Our objectives will change to having the utmost protection (humanly and technologically possible) for our citizens as they transact in the unpredictable cyberspace and to protect our nations against cyber-attacks and the region at large. Other than pursuing just ranking, and the race of looking good to the world.
Countries should invest in human capital development in cybersecurity, which will enable people to have the skills to building and configuring these new technologies for organizations, companies, and institutions which will tremendously propel our economy and reinforce better cybersecurity across Africa. The government will need to put in more funds to researches dedicated to Cybersecurity.
If foreign support will be needed at all. We will be proud of having our home-grown team of experts that can checkmate and do appropriate oversight on whatever support they are bringing.
Good Policies that match our realities.
Experts should be given the task of identifying the assets (majorly Critical National Infrastructure) to protect, find the risk attach to those assets, how those risk can be mitigated by the solution proffer and possible problems caused by the solutions introduced together with what trade-offs those solutions required to actualize them. Their report should help in guiding the government officials in making the best of decision for the country at large.
Training & Education
The government should be ready to invest in education, encourage the development of cybersecurity curriculum programs for tertiary institutions. Provision of scholarship for talent to be trained on Cybersecurity abroad is also necessary, which will be a big Return on Investment for the country’s economy because this will provide the training ground for others within the country (creating an indigenous market) and also replace the foreign expertise dominating the country’s cybersecurity market.
Awareness and Best Practices
The government should instruct those institutions chartered with the responsibilities of public awareness and educative initiatives to gear up to their responsibility. Proper awareness and education are key to enable a sound National Cybersecurity Plan that will be effective and productive.
All private and public institutions across the nations should be mandated to follow some stipulated cybersecurity best practices at their ends and failure to comply should birth some liabilities to the defaulter.
Trade-offs can be any or combinations of these lists and sometimes all – inevitable cash outlays, taxes, inconveniences, and diminished freedoms we accept (or have forced on us) in the name of enhanced security. Investing this much and our sacrifice could match up to waste if we follow the answers from the first attempt to take out actions.
But following the answers from our second attempt, all of the investment is going to be worthwhile and eventually we can grow to become what others have become.