Bharat Panchal, Chief Risk Officer, India, MEA & Africa, FIS talks about the security landscapes of different regions here.
What is the difference between cybercrime in India, West Asia and Africa?
Bharat – Almost 75 to 80% of cybercrime in different regions have only single motivation for financial gain. There are various other intentiions like reputation damage, sabotage, espionage etc. But, well-targeted and coordinated data breach is one of the most known crimes which is happening across the world and these regions are not immune from such breaches. India alone has seen massive data breaches in recent months. However, in the Africa continent, largely IT systems are having very basic level security controls and very less skilled resources to deal with cybercrime, they are more exposed to social engineering, malware-infected emails, remote code execution.. Africa being a soft target and many users using cheaper mobile devices that don’t have security built-in, it is easier for threat actors to inject malware.
Africa is a big continent. What are the differences in Cybercrime between different countries of Africa?
Bharat – Cybercrime is of topmost concern to the African business community, which is losing more than 7 billion every year to cyber fraud and theft, and consistently ranks cybercrime as one of the top threats faced. However, the spread of cyberspace is giving rise to new, destabilising forms of organised crime which are somewhat unique in the continent. Rising internet penetration and continuous improvement in digital technology are also beginning to alter the financing and market dynamics of more traditional organized crime. Through social media platforms and other more hidden “darkweb” platforms, African criminal networks are increasingly trafficking illicit diamonds, small arms, prohibited drugs, humans, art, and artifacts online.
Cyber-attacks don’t happen equally across its landscape. But countries like South Africa, Kenya, Nigeria and Angola receive much more attention from criminals, attracted to digital maturity, diverse industries, and large corporate landscapes.
In Africa, attacks on critical infrastructure are becoming frequent. Banks are particularly common targets, losing billions of dollars to theft and service disruption. The National Security Agency of Nigeria and the Municipal Corporation of Johannesburg have been victims of attacks recently and were forced to shut down their services. With cyberattacks against maritime infrastructure on the rise ranging from piracy to stealing database logs, Africa’s ports and shipping industries could suffer an attack causing major disruptions in trade and commerce which in turn cause a serious impact on the global supply chain.
What differential strategic strategies should be evolved to meet these cyber frauds?
Bharat – The higher attack rates are seen because consumers and businesses don’t have the latest technologies with the best security embedded in their businesses. Also, there is a lack of general awareness around security in less developed regions in the continent and lastly, the cost of security is a significant contributing factor. As a part of the emerging economy across the continent, most of the countries in Africa don’t have the hefty budget to spend on technology and security refresh cycles. Numerous businesses rely on legacy on-premises environments that, in some instances, have passed their shelf-life even.
Nevertheless, it has been now understood that it’s a time for everyone to deploy better training, better security systems, better personal security, and generally better awareness of the types of attacks. As the technology landscape changes and cloud and mobility are taking space into African businesses so deeply now, there is a need for more inclusive security policies. When there are right policies are in place, enforceable compliance to those policies to be a good strategy to have. To manage the continent’s growing risk of cyber threats, governments need to increase investments in cybersecurity capabilities, national strategies, and policies. The governments also need to have a strategy to strengthen defensive systems by protecting IT Infrastructure, communications networks, and other critical security infrastructure from cyber attacks. As a defence mechanism, it is utmost necessary to build capacity to monitor and respond to espionage, cyber-attacks, sabotage, or illicit resource transfers by organised criminal networks and state actors.
How does India differ from other countries in this matter?
Bharat – Cyber crime is now a universal issue and India is not different than other countries. Indian industry has witnessed some of the massive data breaches. Prolong electricity outage in Mumbai during Oct ’20, compromised 3.2 million debit card data. Cyber-attack on Pune based bank cost almost 100 Cr Rupees, one of the important terminals at JNPT port remained shut for a long time due to Petya Ransomware attack on global IT systems of shipping firm AP Moller-Maersk, etc. are the few instants which have resulted into massive direct and indirect damage to the overall economy, brand, business, reputation and eventually to their customers.