The 'State of Cyber Security in Kenya, South Africa and Zimbabwe 2021' report, released by information technology services multinational Liquid Intelligent Technologies (LIT) on September 1, shows that a majority of organisations in these countries experienced an increase in cybersecurity threats and attacks during the past year.
Some attacks have affected businesses' ability to capitalise on business opportunities and led to financial losses owing to lost business and revenues, as well as owing to cyber-enabled financial fraud, perpetrated through email and phishing scams and stolen credentials used to impersonate senior persons in a business to divert payments.
The attacks have had a disproportionately large impact on the healthcare sector and, more broadly, on frontline workers. There was an increase in phishing attacks and breaches of frontline end-point devices and, although companies have rapidly put policies in place to deal with these attacks, cybercriminals took advantage of the delay, says LIT chief commercial officer Dr Craig van Rooyen.
"The significant increase in cyberattacks against the healthcare sector, particularly ransomware and malware, is owing to the value of the information that the criminals can hold to ransom, including healthcare records.
"Additionally, there are more entry points into healthcare owing to connected medical devices, printers that have not been properly secured and fifth-generation devices, among others, all of which are increasing the attack surface."
The main industries, in addition to healthcare, impacted by the increase in cyberattacks are education, mining, transportation, energy and government information technology systems, Van Rooyen points out.
More than half of organisations in Africa do not have adequate safeguards in place. Further, fewer and nascent cybersecurity regulations and laws in countries provide additional space for cybercriminals to operate in, says LIT South Africa cybersecurity group head Ignus de Villiers.
Better cybersecurity controls and mitigation measures, both technical and non-technical, and further developing laws and regulations to improve cybersecurity standards and compliance, are important to enable economic growth going forward, he says.
LIT has also seen impacts on operations in the 13 countries in Africa in which it operates.
In Kenya, ransomware and cyberattacks have led to financial losses or losses of business capabilities, such as operational and production systems not being available, affecting trade, a business' work pipeline or logistics monitoring and management, which impacts on supplier agreements and quality assurances, notes LIT Kenya head of solutions and corporate sales Richard Muthua.
"Some businesses are rendered incapable immediately owing to a cyberattack. Such attacks lead to the loss of business and business opportunities, reducing companies' ability to scale and grow, but also leads to a loss of brand equity, which often also leads to a decline in business," he says.
However, businesses cannot avoid cybersecurity threats and must continue to invest in technology to meet client and business needs. Therefore, security must be a constant in all business decisions, including secure by design systems.
People remain a fundamental consideration, as even the best systems and security measures will be less effective if users are unaware of risks and threats and are not sufficiently skilled to use the capabilities of a system to ensure they are protected properly, he adds.
The report indicates that companies are struggling to close the cybersecurity gaps exposed by a significant move to work from home. About 70% of companies in the countries surveyed have some staff working from home and this increased exposure has increased the attack surface, Muthua says.
The report indicates that the majority of companies in Kenya, South Africa and Zimbabwe have increased the importance of cybersecurity in their business strategies, with most companies (about 95% of respondents) regarding cybersecurity risks as one of the top risks facing organisations, says De Villiers.
Businesses must start looking at deploying zero-trust architectures in their environments that are growing more sophisticated.
Importantly, when developing solutions for the future, the systems must be subjected to the same policing and methodical approaches as those implemented for on-premise security, says Van Rooyen.
This approach would, similar to on-premise measures, need to employ mechanisms to perform security and vulnerability assessments.
"Our architectures, frameworks and standards must also become sophisticated, and how we implement cybersecurity measures into the future is key to ensuring we mitigate short- and medium-term threats," he says.