Known unknowns: the threat of cybercrime in Africa

2017-11-09

The rapid development of technology improves lives and enables more efficient operations in the private and public sectors. The challenges that have emerged as a direct consequence, however, can also undermine progress and expose users to illicit activities online.

Before 2000, Africa only hosted 4.5 million Internet users, but telecommunications markets are rapidly being liberalised and affordable mobile technologies becoming increasingly available. Today, there are close to 400 million Internet users on the continent.

Today’s cyber-criminals no longer require users’ consent to access valuable personal data

According to a 2016 report by the Global Forum on Cyber-Expertise, it is estimated that Africa’s e-commerce industry will be worth US$75 billion by 2025. But while mobile technologies transform African societies by providing a major form of connectivity, they have also turned Africa into both a source and a target of illicit online activities. According to one report, in 2012, the number of targeted cyber-attacks in Africa increased by 42% from previous years.

As opportunity increases on the continent, so do the associated risks. Africa has become more vulnerable to general online security threats, intellectual property infringement and the theft of personal data. Indeed, one report estimated that 80% of all personal computers on the continent are infected with viruses and other malicious software.

Today’s cyber-criminals no longer require users’ consent or knowledge to access valuable pieces of personal data. Cybercrime is, across the board, becoming bolder and more advanced; not only in how victims are targeted, but also the amount of money sought. One 2016 study by Serianu ranked the sectors most vulnerable to cybercrime on the continent and placed banking and government at the top.

Cybercrime is, across the board, becoming bolder and more advanced

Such developments are prominent in West Africa, for example, where the region has seen two distinct groups of cyber-criminals emerge, namely the ‘Yahoo Boys’ and the ‘Next-Level Cybercriminals’. The two are distinguished by their structure and type of crimes they commit. While the Yahoo Boys mostly operate traditional advance-fee scams, the Next-Level Cybercriminals engage in more complex attacks against corporations and involve tax scams, holding connections across the globe.

As cybercriminals target victims both inside and outside their national boundaries, African countries have struggled to build the technical and financial capacity needed to target, monitor and thwart illicit online activities. There are simply not enough trained professionals and historically there is little political will in many countries to tackle the issue. This stems from a combination of factors, including insufficient budgets and a tendency to overlook the invisible threat. Cyber-security infrastructure in the continent is in itself weak, with factors such as outdated or pirated software leaving African countries vulnerable to serious security risks.

A particular cybercrime concern is the increase of mobile malware

Cybercrime is a global phenomenon, with certain reports contending that it now surpasses drug trafficking as a criminal revenue source. Its impact is particularly pervasive in Africa, given the lack of cohesive cybersecurity policies and inadequate IT infrastructure.

In 2014, it was reported that cybercrime activities were increasing at a more rapid rate in Africa than anywhere else in the world. Again, this points to criminal networks taking advantage of the continent’s weak IT infrastructure to proliferate threats from ransomware, social media scams and new malware.

In South Africa alone, 73% of adults reported having experienced cybercrime, at an estimated cost of US$337 million to the economy. Of particular concern is the increase of mobile malware, rising in tandem with the continent’s liberalisation of telecommunications markets and widespread availability of mobile technologies.

In South Africa alone, 73% of adults reported having experienced cybercrime

A fundamental problem in combatting cybercrime – in Africa and elsewhere – is a general lack of understanding of cybercrime and of cyber law-enforcement mechanisms. This creates a low risk of prosecution, which incentivises criminals and increases the challenge ahead.

Nonetheless, the increasing financial impact of cyberattacks has fuelled an acknowledgment among both the private and public sectors that there is a need for effective responses – even if, for now, attempts to tackle the threat of cybercrime remain inadequate.

This ENACT Observer draws on a recently published ENACT continental report titled Africa’s changing place in the global criminal economy. Click here to read the report.

Mark Shaw, Director, and Laura Adal, Senior Research Analyst, Global Initiative against Transnational Organised Crime

EU Flag
ENACT is funded by the European Union
ENACT is implemented by the Institute for Security Studies and INTERPOL, in
affiliation with the Global Initiative against Transnational Organised Crime
ISS Donors
Interpol
Global
feature-5Page 1