’African organizations face unique challenges that need very unique solutions’

Greater accessibility of mobile devices has seen digital connectivity spread throughout African countries, as the continent looks to develop its cybersecurity sector to bolster job growth and mitigate the emerging threats of online security.

Recognized African tech hubs such as those found in Kenya, South Africa, and Nigeria, have seen their communication networks transformed with Android systems, in part thanks to low-cost smartphones and greater 3G access.

But it often comes at the cost of security, specifically malware and social media scams which add to the already-extortionate levels of cybercrime.

“If I look at four years back in cybersecurity, nobody knew what you were talking about,” said Christian Kisutsa who works for Euclid Consultancy, a cybersecurity company based in Nairobi.

“So there’s been a lot of awareness raised since then, but we’re still in the very early stages of growing talent.”

According to a 2016 report by the African Union Commission (AUC) and the cybersecurity firm Symantec, only 20% of African states currently have the basic legal frameworks in place for countering cybercrime – activity that will only rise as Africa’s e-commerce industry expects to reach $75 billion by 2025.

In Kenya, for example, a country with one of the continent’s highest internet penetration rates at 69%, legislation such as the Computer Misuse and Cybercrimes Act aims to combat financial losses, predominately attributed to banking malware and card skimmers, which totalled KSh 21 billion (around $208 million) in 2017, as stated in a report by cybersecurity consultancy Serianu.

A second report by Serianu estimates that cybercrime across Africa reached $3.5 billion in 2017, a cost that has propelled the Nairobi-based firm to take the lead in training the next generation of cybersecurity professionals, by opening technical coaching centers in Kenya and Mauritius this year.

“Currently, most training modules in Africa are a copy-paste from the West,” Brencil Kaimba, a representative from Serianu, told The Daily Swig.

“This is because, for the longest time, this model worked. But now, we realize that African organizations face unique challenges that need very unique solutions.”

Serianu predicts that the African cyberskills shortage will reach 100,000 by 2020, and that by concentrating on hands-on, local-focused training, markets throughout the continent can rise to the majority mobile threats that they face.

But while awareness of information and mobile security may be a lot better than it was four years ago, as Kisutsa says, the infancy of the sector has translated into few lawmakers possessing the technical know-how of what makes good digital hygiene – often at the result of implemented measures that assist, as opposed to deter, levels of cybercrime.

“Developing hacking tools for penetration testing is considered illegal under the new bill,” Kisutsa told The Daily Swig.

“It [the bill] does not take into consideration the motive for creating such tools. I just don't think the government understands these issues at all.”

While the problem indeed sounds similar to the difficulties of invoking a security-first mindset globally, the lack of expertise in African countries is amplified by unaffordable costs related to certifications.

Technical training at one of Serianu’s centers costs $1,000 and is generally less expensive than most European facilities – and schooling, in general, does not particularly cater to a career in cybersecurity.

“The education system is what makes things difficult [in Kenya],” said Kisutsa. “Unlike in the UK and US, where you’ll find fully specialized cybersecurity courses, here it’s mostly electives.

“So, at the university level you are thrown into an IT degree and then you have an elective that’s cybersecurity.”

Yet the absence of resources in Africa has a knock-on effect, producing a self-starter attitude that sees infosec enthusiasts turning to online training, creating their own hacking communities to instil support and grow the industry from the ground up.

In Kenya, for example, AfricaHackOn, has held coding boot camps at universities since 2014, and in South Africa, Africa Teen Geeks gives kids from disadvantaged communities a chance to solve real world problems by teaching them technical skills, while opening up doors to a cybersecurity career path.

“The sooner we can teach innovation and entrepreneurship to our kids, the sooner we can start raising the next generation of Africans who are innovative,” Lindiwe Matalali, founder of the South African non-for-profit, told The Daily Swig.

“If you look at some of the top companies in tech, how many of them would you say were created from Africa? There are very few.

“That’s not because we don’t have the activity, drive, and talent in our country, but that our continent is underutilized and that our education system mainly teaches study to get employed. We have to start exposing them to innovation.”

Africa Teen Geeks has been training children from six to 18 years old since 2014, having reached over 40,000 kids so far, according to Matalali.

Earlier this year, in partnership with Symantec and the United Nations, Africa Teen Geeks ran a global hackathon youth competition in the US aimed at solving problems related to cybercrime. The team from South Africa, Wakanda Vibes, who trained under the Africa Teen Geeks program, won.

“We are able to show the kids how they can use their skills that we taught them for something good,” said Matalali. “If you don’t get them exposed to using the right skills for the right reasons they may end up in the wrong crowd and using those skills for unethical things.”

Matalali and African Teen Geeks are currently working with the South African government to pilot a coding teaching curriculum that could be used in schools nationwide, and are equally assisting other countries to make use of their university communities in order to ignite a hacking culture suitable for Africa.

“What you find is happening is that you have consultants that come from outside, from London for example, to advise us,” said Matalali.

“They bring what they know and provide solutions for what is right in the UK – but we don’t have the same kind of infrastructure here. So it’s about creating the manpower, or the human capital, and then starting to create solutions that work for us.”