Friday, November19, 2021 / 03:45 PM / by KnowBe4 / Header Image Credit: Baton Rouge

What trends shaped 2021?And what lies ahead in 2022?

There are several trends that have dominated theAfrican cybersecurity landscape in 2021. The continent remains a point ofinvestment interest as connectivity and mobility continue to grow - with only38% of the population connected, there is massive opportunity compared withdeveloped markets. This situation has seen a subsequent surge in investorattention, particularly in the FinTech and telco spaces, and an equally high,but concerning surge in cybercriminal activity.

"Cybercriminals see the opportunity in this new andformative market too", says Anna Collard, SVP Content Strategy & Evangelistat KnowBe4 Africa. "Considering that nearly half of the world's 1.2 billionpeople registered for mobile money are based in Sub-Saharan Africa, and that63% of the mobile dollar value is spent in this region, it makes sense that ithas become a hot zone for investors and cybercriminals alike".

This trend towards Africa as the lucrative shores uponwhich these modern-day pirates beach their ships is one that will likelycontinue into 2022. Most countries in the region do not have adequatecybercrime regulations in place and face significant skills shortages. A lowlevel of general awareness means most consumers do not know how to ensure thattheir online behaviour is secure and smart.

"Another issue is that a significant number of Africanbusinesses operate without basic cybersecurity controls in place" says Collard. "This makes them all ripe for the picking. A recent study undertaken by Sophosfound that 58% of South African organisations experienced an increase incyberattacks since the pandemic and KnowBe4's September 21 survey showed that32% suffered a ransomware attack. What is also a concern is that identity fraudhas seen a 337% increase over the past two years".

Add to this the recent SABRIC survey that underscoredthe growing threats of social engineering across online and mobile banking, anda complex and worrying picture emerges. The statistics, across the board, pointto a consistent increase in attack numbers and sophistication. They also draw ared line under Africa - 2022 needs to be the year when the continent ramps upits cybersecurity efforts to protect citizens and economies.

"Another trend is public awareness", says Collard. "This has remained consistent for many years, but it is becoming increasinglyclear that educating people about the risks, and giving them the tools they needto combat the risks, is critical. If you look at mobile banking fraud, in mostcases, the successful crimes were because of phishing and social engineeringtactics".

"Cyber extortion crime is another major trend. If youlook at the ransomware events that dominated local headlines in 2021 themessage is not just that ransomware can be lucrative, but that cybercriminalsare combining various methods to make their cyber extortion more effective", says Collard. "Demands are getting bigger and the impact more pernicious to oureconomy and society as a whole".

In 2022, these attacks are going to worsen and theirimpact will become increasingly expensive as criminals up the ante. The groupsthat perpetrate the attacks know that this is a lucrative gig, so why wouldthey stop? For the organisation, it could cost them money and reputation. Forthe public sector, it could cost citizens access to critical infrastructure,and worryingly, the public sector is extremely vulnerable.

"Only 30% of the South African public sector feelsprepared for the cyber extortion onslaught", says Collard. "The fact that thesector admits it is not prepared for this, and the fact it is an attractivetarget, means that its security has to become a priority. There also needs tobe more of a focus on mobile malware and cryptocurrency attacks. These are setto become more targeted and capable over the next year, so users need to beaware of the risks and the scams".

Finally, 2022 will very likely come with more deepfake technology in social engineering attacks such as phone phishing. Likewise,the increased use of IoT devices, often implemented with default passwords andgaping vulnerabilities, will put organisations at risk.

"What this means for the future is that individualsand organisations need to expect more high-impact extortion attacks and moredata breaches", concludes Collard. "It is critical that there is moreinvestment into upskilling and focus on collaboration between public andprivate sectors. Initiatives such as South Africa's cybersecurity alliance aimto achieve exactly that.

Related News

1. ThinkNnovation 2.0 Tasks Organizations on Taking Proactive Measures to Strengthen Cybersecurity
2. FITC, NIBSS Hosts ThinkNnovation Conference on Post-Covid Cybersecurity Risks
3. Cybersecurity; Now the Panic Starts
4. CSCS Advocates Collective Cybersecurity Responsibility
5. Major Cybersecurity Threats Facing Nigerian Economy
6. NITDA, Kaspersky, DELL and Many Others Addressed the 'New Normal' with Cybersecurity in Africa
7. Cybersecurity Checklists for Remote Working
8. Cybersecurity and the Public Good Argument
9. CIBN President Tasks Banks On Strengthening Cybersecurity
10. Stakeholders Harp on Robust Cybersecurity Architecture for Financial Services in Nigeria