Across both the public and private sectors on the African continent, ongoing technology adoption, sophistication, the digitization of services and transformation of operational processes has meant that the horizon of cybersecurity risks has not just broadened but increased in complexity.
Beyond the risks to organizations and consumers, there are emerging and growing concerns about some cybersecurity incidents that could potentially destabilize countries and occasion economic hardships.
The enterprise and consumer threat landscape in Africa
With the current levels of technological sophistication, some of the more common enterprise threats on the continent, as well as the actors and their motivations, include:
Malware attacks – by criminals for financial gain and hacktivists who aim to disrupt operations.
Distributed denial-of-service (DDoS) attacks – by hacktivists who aim to disrupt operations and make political standpoints, by criminals who want to disrupt services and by discontented employees within organizations.
Phishing – by criminal syndicates with the ambition of stealing personal information that allows for identity theft and ultimately financial gain.
Ransomware – by criminal syndicates whose end-game is financial extortion.
Personal data theft – from governments and businesses by cybercriminals who seek to sell information to third parties.
Factors driving cybersecurity risks
For the most part, increased technology adoption and digital transformation – including the rise of cloud computing and the uptake of mobile technology – have also brought many cybersecurity risks that need attention.
Mobile adoption has presented both businesses and governments with an additional channel to serve or engage with consumers and citizens and a medium through which payments can be made.
Cloud computing services, which greatly reduce capital and operational expenditure while allowing for agility and quick deployment of services, have been largely driven by improved and more pervasive connectivity options.
Within these technologies there are many threat facets:
Email – end users are targeted via malware and phishing attacks.
End points – including smartphones, laptops and computers, typically targeting end users through whose devices attackers can gain unauthorized access to enterprise information and systems, data theft and spread of malware (especially ransomware).
Servers and networking infrastructure – unauthorized access to infrastructure and information owing to weak security measures. This leads to service disruptions and sometimes financial losses. This is probably the most problematic for organizations as it allows the first two to happen.
Cloud services – where poor configuration or insecure connectivity can lead to breaches.
Software – where vulnerabilities can be exploited to allow access to infrastructure and systems.
Aside from external threats, within organizations a constant Achilles’ heel is people.
One of the biggest and most constant concerns has to do with end-users whose lack of awareness and inadvertent actions sometimes cause serious data breaches for the organization or for themselves.
Other drivers which cut across both public and private sectors include budget constraints (that don’t allow investment in requisite security measures); the absence of internal security policies (which would also encapsulate awareness efforts); standards for vetting equipment, software and processes; and systems architecture problems.
Outside of organizations and away from technology, from a regulatory point of view, weak enforcement, and the lack of standards and incident response protocols are also major contributors to cybersecurity threats.
For some sectors that are most vulnerable, like financial services, the responsibility for this spreads out to industry associations and different regulators.
However, for sectors that are less regulated and more fragmented or less homogenous in nature (e.g. retail) there are still gaps which need to be filled.
The impact of cybercrime
Cyberattacks manifest differently ranging from:
Economic impact – loss of revenue, recovery and mitigation costs, etc.
Loss of trust – erosion of consumer or citizen confidence especially in sectors like finance, healthcare and government.
Loss of data – and the increased risk of identity theft, financial fraud, etc.
General operational disruption – which itself can be measured financially.
Looking beyond the threats that affect businesses, governments or consumers, there are also actors with peculiar motivations pertaining to human rights, geopolitics, national politics and economic issues.
This is a dominion where greater scrutiny may be required as the risks are not always clear and mitigation measures vary vastly.
Offshoring cybercrime
Several African countries have, over the years, touted themselves as great ICT offshoring destinations, based on the strength of improved infrastructure (connectivity and power), a growing skills base, low labor costs and great weather.
Some of these attributes have also appealed to criminal syndicates who have been setting up operations in several African countries.
African countries may not yet account for a big proportion of cybersecurity incidents or losses incurred – based on the relative size of different countries’ economies – but they are increasingly playing a role in enabling cybercrime within and outside the continent.
Several countries are becoming hosts from which cybercrime attacks emanate as vigilance has mostly been from more problematic countries in Asia and Eastern Europe.
Thus, criminal cells have set up their networks in countries from which traditionally attacks did not emanate from before.
_(1).jpg?width=700&auto=webp&quality=80&disable=upscale "Hacker in a hoodie sitting in front of two computer monitors")
Several African countries are becoming hosts from which cybercrime attacks emanate. (Source: Image by DC Studio on Freepik)
West Africa stands out as one of the growing hubs for cybercrime.
Around mid-2024, The International Criminal Police Organization (Interpol) moved in on one of the more prominent criminal networks, Black Axe, whose operations span five continents and whose activities include online fraud, money laundering and cryptocurrency theft.
Other factors that are allowing this offshoring of cybercrime include:
Weak regulations – for example, not enforcing SIM registration thereby allowing SIM boxing to be used for financial fraud, phishing and scams.
Absence of mechanisms and institutions that can effectively undertake traffic monitoring.
Hacktivism
In countries where there are human rights violations, issues around poor governance or corruption, “benevolent” hacktivists have taken it upon themselves to show allyship with citizens by disabling government websites and services in a bid to lend their weight to existing concerns.
Hours delivered back to the business
SOX compliance in Settlement process automation
Success rate of bot case completion
For functional release of OBT, RTS and OGS
The Chalange
Following a period of rapid growth through acquisition, Paysafe were looking to achieve enterprise-wide operational efficiencies and alignment. In order to do this, they chose to focus firstly on their customer services, merchant operations, risk and compliance functions.
Paysafe’s fast-paced expansion had resulted in a lack of process consistency & standardisation across their acquired brands. The numerous manual and non-transparent processes at play were something Paysafe were keen to address.
Additionally, in the face of increasing industry regulation and compliance requirements, Paysafe were eager to stay ahead of the curve in responding to these changes, whilst also maintaining the relentless customer focus and agility that is at the core of their DNA.
What did
Tecnologia do
Paysafe & Tecnologia’s shared appreciation for the power of combining scale and global reach with flexibility and agility made our partnership an obvious choice. Tecnologia have been working with Paysafe since November 2020 in 2 key workstreams: Automation Delivery and Mobile Chatbot Migration, supporting the Paysafe Automation365 team specialising in Cognitive and Robotic Automation.
Automation Delivery – Tecnologia are working with the Paysafe Automation365 team to identify, design, build, test and deploy automated solutions using UiPath Automation Software. Thus far Tecnologia have delivered 28 Automations across 3 core business functions: Merchant Services, Consumer Services and Risk.
Mobile ChatBot Migration – Tecnologia led the migration of chatbots from a web browser platform to mobile platforms (Android and iOS). In addition to this, Tecnologia has implemented an intermediate communication layer to enable a seamless handoff between chatbot and live agent providers to win and support new deals.
The Results
- 30+ processes delivered
- Over 30,000 hrs delivered back to the business
- 100% SOX compliance in Settlement process automation
- >95% success rate of bot case completion
- SDK delivered for native platforms, enabling Virtual & Live agent communications across multiple mobile platforms
