Collaboration is vital to Africa's cyber-security tactics
Written by Maarten Van Horenbeeck, Chair of The Forum of Incident Response and Security Teams (FIRST)
The world has finally begun to wake up to the issue of cyber-security in Africa, with the International Cyber Security Protection Alliance identifying the continent as a problem area in its eight-year evaluation of the modern threats to internet security.
The most serious issue is the significant gap between the scale of Africa’s cyber-security capability and the increased availability of internet-enabled devices to a wider cross-section of the population.
Cyber-crime affects ordinary citizens in Africa – it is estimated that Kenyans lost $23,000,000 last year as a result of fraud – and costs the economy millions.
It’s impossible to calculate the damage done to Nigerian businesses, which have been virtually blacklisted by retailers around the world as they increasingly refuse to ship to a country that has become a by-word for online scams in recent years.
It should be noted that Africa’s security problem stems more from a lack of communication than a lack of education.
After all, security forces and criminals have gained significant skills and direct experience from security incidents close to home, such as the malware Duqu, which was first reported in Sudan and is the successor to the infamous Stuxnet.
Likewise, the malware Dexter originated in South Africa and perpetrates credit card fraud every bit as sophisticated as that found in other parts of the world, while Nigeria has even provided the name for the ‘419’ scam, which is named after the section of the country’s criminal code that the trick violates.
African governments have recognised the seriousness of the issue and responded by setting up computer security incident response teams (CSIRTs), which provide practical defence against attacks and enable knowledge-sharing to inform the passing of laws regulating the internet.
A major problem, however, is that these promising ventures aren’t the norm across the continent. Furthermore, different countries have different levels of internet access and a diverse range of cyber threats.
For instance, in South Africa, which has a relatively large proportion of high net worth individuals, credit card fraud is a significant issue, while in Morocco, cyber-crime is often political and normally associated with defacements.
There is also the problem of differing standards between Internet Service Providers. While Governments can have an influence over what goes on in their country’s network, the actual day-to-day work falls to ISPs who have very different approaches to keeping consumers safe online.
The better providers work with governments and business to fight common threats, such as blocking port 25; a port commonly used to transmit malware from customer workstations. But if there’s no regulatory framework or body in place to make them do this, less scrupulous providers can easily neglect their security without fear of punishment from regulators.
This diversity of issues makes it difficult for Africa to present a united front against cyber-crime, which is a problem because co-operation between governments, IT professionals and security agencies is essential if criminals are to be prevented from hiding among patchy legal and security systems.
It’s pointless eliminating high-tech crime from Egypt if the perpetrators can cross the border to Sudan and carry on undeterred.
Likewise, improving network security in Senegal would only be a partial solution when the vast majority of internet use in the country is on mobile devices.
This is why FIRST is committed to offering training and networking opportunities in Africa – there’s a clear need for knowledge-sharing to prevent cyber-crime in Africa posing a threat to the rest of the world.
Failure to address the problem will mean criminals won’t need to fear even the most sophisticated security in other parts of the world, because they can bypass this and attack the global network via Africa.
Because of this, a consensus must be established across Africa, including the creation of shared approaches and terminology when dealing with cyber-security issues.
Meaningful change will come when innovative CSIRTs work together to share technologies and experiences.
Van Horenbeeckis an information security specialist with more than 13 years of experience as a senior IT professional at some of the biggest names in IT including Verizon, Microsoft, Google and Amazon. He is currently Chair of the Forum for Incident Response and Security Teams (FIRST) following his election to the board in 2011 and specialises in Security Intelligence and Threat Assessment, Investigative Response & Forensics, Risk assessment & Remediation and the analysis of targeted malicious code attacks