Africa has one the highest cyberattack rates in the world, says EY cybersecurity leader Samresh Ramjith.
“We are seeing mobile penetration at more than 100% across Africa. To most people on the continent, mobile phones are the most expensive piece of equipment they own.
“There are people who are suddenly connected to the Internet and are not aware of the risks and threats that present themselves. They are naive because they are new to the Internet, which makes them easy targets,” he noted during an EY Strategic Growth Forum Africa, in Johannesburg, on Thursday.
He added that society was living in a transformative age and that in the past five years, Africa has seen “immense connectivity.”
EY Middle East and North Africa cyber partner Clinton Firth added that, globally, cybersecurity has become a major focus point since the explosion of the digital age; however, many organisations still do not take potential threats and risks seriously.
“Attacks that affect individuals include credit card fraud and phishing emails. At an organisational level, however, attackers try to steal data, intellectual property and, through to governmental levels, State secrets,” he noted.
Firth added that some organisations still needed to understand what to focus on to protect themselves from cyberattacks and hackers.
A recent EY report notes that mitigating cyberrisk does not just mean allocating resources to information technology departments so that it can buy and maintain the latest firewall, it also involves communicating the scale of the risk to stakeholders across the whole firm, and taking organisational steps to reduce that risk, such as mapping key assets and putting contingency plans in place.
The report, entitled ‘Path to Cyber Resilience’, points out that part of protecting an organisation’s assets could be as simple as clarifying who should have access to what data within a company, and who should not.
“Seventy-four per cent of businesses say careless employees are their top cyber vulnerability – a persistent finding since the Internet became a common feature of the workplace,” the report states.
Ramjith noted that it was also important to have a good government ecosystem and framework regarding cybersecurity.
He added that South Africa’s government was in the very early stages of building a strategy, policy and framework around cybersecurity, noting that there was an opportunity to learn from other countries that had multiple iterations of this type of policy.
“Cybersecurity is an issue, but until South Africa is directly compromised, we will see it as an external threat,” he said.
Firth pointed out that strong monitoring capabilities, technological hygiene and awareness were key to mitigating cybersecurity risks.
“From Africa’s point of view, there’s a long way to go, however; in the last 18 months there has been an attitude shift towards sincere, earnest concern.”