Collaboration is vital to Africa's cyber-security tactics
Written by Maarten Van Horenbeeck, Chair of The Forum of Incident Response and Security Teams (FIRST)
The world has finally begun to wake up to the issue of cyber-security in Africa, with the International Cyber Security Protection Alliance identifying the continent as a problem area in its eight-year evaluation of the modern threats to internet security.
The most serious issue is the significant gap between the scale of Africa’s cyber-security capability and the increased availability of internet-enabled devices to a wider cross-section of the population.
Cyber-crime affects ordinary citizens in Africa – it is estimated that Kenyans lost $23,000,000 last year as a result of fraud – and costs the economy millions.
It’s impossible to calculate the damage done to Nigerian businesses, which have been virtually blacklisted by retailers around the world as they increasingly refuse to ship to a country that has become a by-word for online scams in recent years.
It should be noted that Africa’s security problem stems more from a lack of communication than a lack of education.
After all, security forces and criminals have gained significant skills and direct experience from security incidents close to home, such as the malware Duqu, which was first reported in Sudan and is the successor to the infamous Stuxnet.
Likewise, the malware Dexter originated in South Africa and perpetrates credit card fraud every bit as sophisticated as that found in other parts of the world, while Nigeria has even provided the name for the ‘419’ scam, which is named after the section of the country’s criminal code that the trick violates.
African governments have recognised the seriousness of the issue and responded by setting up computer security incident response teams (CSIRTs), which provide practical defence against attacks and enable knowledge-sharing to inform the passing of laws regulating the internet.
A major problem, however, is that these promising ventures aren’t the norm across the continent. Furthermore, different countries have different levels of internet access and a diverse range of cyber threats.
For instance, in South Africa, which has a relatively large proportion of high net worth individuals, credit card fraud is a significant issue, while in Morocco, cyber-crime is often political and normally associated with defacements.
There is also the problem of differing standards between Internet Service Providers. While Governments can have an influence over what goes on in their country’s network, the actual day-to-day work falls to ISPs who have very different approaches to keeping consumers safe online.
The better providers work with governments and business to fight common threats, such as blocking port 25; a port commonly used to transmit malware from customer workstations. But if there’s no regulatory framework or body in place to make them do this, less scrupulous providers can easily neglect their security without fear of punishment from regulators.
This diversity of issues makes it difficult for Africa to present a united front against cyber-crime, which is a problem because co-operation between governments, IT professionals and security agencies is essential if criminals are to be prevented from hiding among patchy legal and security systems.
It’s pointless eliminating high-tech crime from Egypt if the perpetrators can cross the border to Sudan and carry on undeterred.
Likewise, improving network security in Senegal would only be a partial solution when the vast majority of internet use in the country is on mobile devices.
This is why FIRST is committed to offering training and networking opportunities in Africa – there’s a clear need for knowledge-sharing to prevent cyber-crime in Africa posing a threat to the rest of the world.
Failure to address the problem will mean criminals won’t need to fear even the most sophisticated security in other parts of the world, because they can bypass this and attack the global network via Africa.
Because of this, a consensus must be established across Africa, including the creation of shared approaches and terminology when dealing with cyber-security issues.
Meaningful change will come when innovative CSIRTs work together to share technologies and experiences.
Van Horenbeeckis an information security specialist with more than 13 years of experience as a senior IT professional at some of the biggest names in IT including Verizon, Microsoft, Google and Amazon. He is currently Chair of the Forum for Incident Response and Security Teams (FIRST) following his election to the board in 2011 and specialises in Security Intelligence and Threat Assessment, Investigative Response & Forensics, Risk assessment & Remediation and the analysis of targeted malicious code attacks
Grupo Espinosa: 70 years of constant evolution
Founded in 1952, Grupo Espinosa has been relentlessly supporting the publishing industry with producing more than 100 million copies every year – whether its books, magazines, catalogues or single-order custom prints. No project is big or small for Grupo Espinosa, as the facility can scale up on demand and their turnaround times are highly competitive. Grupo Espinosa works with on-demand digital press or offset press, in paperback with glued softcover binding, PUR softcover binding, stitched paperback binding, binder’s board, hardcover, saddle stitched, Spiral or Wire-O. Equipped with the experience needed for a product to leave the plant ready for distribution, Grupo Espinosa delivers anywhere inside or outside Mexico. Traditionally starting off as a black and white printing press, Grupo Espinosa has experienced transformation first hand – from colour to digital offset printing. Currently, Grupo Espinosa is also looking at making capital investments into audio books to match with the increasing demand.
So how did a seemingly local operation in Latin America become a world-renowned printing facility trusted by hundreds of clients? As Rogelio Tirado, CFO of Grupo Espinosa for the last six years says “It all comes down to our market experience and our dedication to quality”. With nearly 70 years behind them, and located in Mexico City, Grupo Espinosa has two major locations – one spanning 75,000 square metres and the other about 45,000 square metres. Both locations are controlled by a single ERP (Enterprise Resource Planning) system ensuring speed, consistency and quality of work. Tirado says this isn’t their only competitive advantage. He adds “Our competitive advantage is the relationship we have with customers and the trust they put in us with their intellectual property”. Speaking of trust, global publishing giant Macmillan Education exclusively partners with Grupo Espinosa for their Latin America operations, as part of Macmillan’s decentralized hub strategy. Having a facility that offered the full spectrum of service – from storing digital content to printing and distributing – was one of the major requirements for Macmillan, and Grupo Espinosa was recognized as the leading printing hub for providing this 360 infrastructure. Another factor that has led to success for Grupo Espinosa is the absolute focus on quality and time. The staff are committed to providing the best quality in the best possible time, without causing wastage of resources. Sustainability is a huge factor playing into Grupo Espinosa’s operations, and they’ve created a healthy environment with the sustainable use of paper and energy resources as well as keeping their employees – most of them associated with the organisation for over 10 years – happy. He adds, “In order to be truly successful, you need to be good to the environment, employees, suppliers, and your customers. But most importantly, you need to be sustainable, you need to have proper working conditions, pay proper salaries, proper prices for paper, source the paper from sustainable sources, pay your taxes, basically be a good global corporate citizen and that's probably one of the biggest achievements that we have.”