Known unknowns: the threat of cybercrime in Africa

New technology is rapidly turning Africa into a source, and a target, of cybercrime.

The rapid development of technology improves lives and enables more efficient operations in the private and public sectors. The challenges that have emerged as a direct consequence, however, can also undermine progress and expose users to illicit activities online.

Before 2000, Africa hosted only 4.5 million Internet users. Since then, telecommunications markets have been liberalised and affordable mobile technologies have become increasingly available. Today, there are close to 400 million users online on the continent.

According to a 2016 report by the Global Forum on Cyber Expertise, it is estimated that Africa’s e-commerce industry will be worth US$75 billion by 2025. But while mobile technologies transform African societies by providing a major form of connectivity, they have also turned Africa into both a source and a target of illicit online activities. According to one report, in 2012, the number of targeted cyberattacks in Africa increased by 42% from previous years.

The number of targeted cyberattacks in Africa increased by 42% from previous years

As opportunity increases on the continent, so too do the associated risks. Africa has become more vulnerable to general online security threats, intellectual property infringement and the theft of personal data. Indeed, it is estimated that 80% of all personal computers on the continent are infected with viruses and other malicious software.

Today’s cybercriminals no longer require users’ consent or knowledge to access valuable pieces of personal data. Cybercrime is, across the board, becoming bolder and more advanced; not only in how victims are targeted, but also the amount of money sought. In 2016, Serianu ranked the sectors most vulnerable to cybercrime on the continent, and placed banking and government at the top.

In West Africa, for example, two distinct groups of cybercriminals have emerged, namely the ‘Yahoo Boys’ and the ‘Next-Level Cybercriminals’. The two are distinguished by their structure and type of crimes they commit. While the Yahoo Boys mostly operate traditional advance-fee scams, the Next-Level Cybercriminals engage in more complex attacks against corporations and involve tax scams, with connections both in Africa and outside the continent.

As cybercriminals target victims both inside and outside their national boundaries, African countries have struggled to build the technical and financial capacity needed to target, monitor and thwart illicit online activities. There are simply not enough trained professionals, and historically there is little political will in many countries to tackle the issue.

2014 reports said cybercrime was increasing more rapidly in Africa than anywhere else

This stems from a combination of factors, including insufficient budgets and a tendency to overlook the ‘invisible’ threat. The cybersecurity infrastructure on the continent is in itself weak, with factors like outdated or pirated software leaving African countries vulnerable to serious security risks.

Cybercrime is a global phenomenon, with certain reports contending that it now surpasses drug trafficking as a criminal revenue source. Its impact is particularly pervasive in Africa, given the lack of cohesive cybersecurity policies and inadequate IT infrastructure.

In 2014, it was reported that cybercrime activities were increasing at a more rapid rate in Africa than anywhere else in the world. Again, this points to criminal networks taking advantage of the continent’s weak IT infrastructure to proliferate threats from ransomware, social media scams and new malware.

In South Africa alone, 73% of adults reported having experienced cybercrime, at an estimated cost of US$337 million to the economy. Of particular concern is the increase of mobile malware, rising in tandem with the continent’s liberalisation of telecommunications markets and widespread availability of mobile technologies.

In Africa and elsewhere, the problem is a lack of understanding about cybercrime and laws to stop it

A fundamental problem in combatting cybercrime – in Africa, and elsewhere – is a general lack of understanding about what cybercrime really is, and of cyber law enforcement mechanisms. This creates a low risk of prosecution, which incentivises criminals and increases the challenge ahead.

Nonetheless, the increasing financial impact of cyberattacks has fuelled an acknowledgment among both the private and public sectors that there is a need for effective responses – even if, for now, attempts to tackle the threat of cybercrime remain inadequate.

Mark Shaw, Director and Laura Adal, Senior Research Analyst, Global Initiative against Transnational Organized Crime

This article draws on an ENACT report: Africa’s changing place in the global criminal economy. The ENACT project is funded by the European Union (EU). The contents of this article are the sole responsibility of the author and can under no circumstances be regarded as reflecting the position of the EU.

In South Africa, Daily Maverick has exclusive rights to re-publish ISS Today articles. For media based outside South Africa and queries about our re-publishing policy, email us.

Picture: Christiaan Colen/Flickr

Related content