A report by Kenyan-based IT firm, Serianu Limited, has revealed that the economy lost a total of US$50 million to cybercrime in 2016.
The report dubbed ‘Achieving Cyber Security Resilience: Enhancing Visibility and Increasing Awareness,’ shows that five African countries lost a combined US$895million to the menace–comprising an indirect loss of $537m and direct loss of $358m.
The breakdown of the report shows that Nigeria recorded the highest figure of US$550 million, followed by Kenya and Tanzania with US$175 million and US$85 million respectively. Ghana and Uganda also recorded US$50 million and US$35 million respectively.
The report further reveals that insider threats, which refer to fraud involving information or employee abuse of IT systems and information, are a bigger security threat compared to outsiders for African organisations.
Worryingly, the report states that most organisations in Africa are ill-prepared to deal with information security threats.
“This is brought about by lack of sufficient budgets, lack of skilled professionals and lack of visibility within the organisation.
Security professionals are struggling to demonstrate business value to senior management because they are providing very technical operational metrics whereas business managers are looking for more business-oriented metrics.
Lack of practical regulatory guidance from industry regulators and government is leading to poorly implemented and unenforceable security controls since they are not local focused but rather copied and pasted regulations,” the Serianu report states.
It is also reported that ICT security expenditure in African countries is estimated to grow from approximately US$1.24 billion in 2015 to US$3.6 billion in 2020.
To achieve this, the Serianu report recommends that African countries need to harden their infrastructure and services to enhance the resilience of the underlying foundation and combat information security threats.
“African countries need to enhance the security competencies of technology users and ICT security practitioners. This will ensure that there is greater adoption of essential security practices among technology users and ensure that ICT security practitioners have adequate knowledge and capability in managing ICT security risks.
Given the borderless nature of cyber threats, it is important for African countries to continue working closely with international counterparts and also encourage cross-border collaboration within the continent,” the report states.
Efforts by Ghana
It is reported that a good number of private and public companies in the country are not security conscious, thereby, making them susceptible to cyber-attacks.
The websites of the Vice President of Ghana, the National Communication Authority, and the National Information Technology Agency have all been compromised by hackers recently.
It is against this background that the Ministry of Communications in 2014 drafted the Ghana National Cyber Security Policy and Strategyto serve as a roadmap for securing the country’s cyberspace as well as to boost investors’ confidence. The policy was approved by cabinet in November last year.