Africa faced with increased digital threats

At the recent IT Web Security Summit held in Sandton, Barry Irwin, a Senior Lecturer in the Department of Computer Science at Rhodes University, warned that with African nations experiencing improved digital connectivity, security threats were bound to increase.

Barry was speaking at the IT Web Security Summit, South Africa’s leading information security conference for the ICT industry, which is addressed by top international and local security experts. Notably, Barry was the sole academic researcher invited to speak at the 2010 Summit.

Barry drew attention to the many initiatives intended to bring improved levels of Internet connectivity on the African continent. He said, “As the number of undersea cables linking Africa to the rest of the world increases, we will see greatly increased bandwidth, and reduced costs for Internet connectivity.

“While this is an important step towards improving Africa’s access to the information networks that link the world and helping Africans to bridge the “digital divide”, it is not without its problems. One of the major challenges was the perceived poor reputation for illegal activity on the Internet the continent had.

“The high level of software piracy found in many African countries, was seen as an aggravating factor. According to a recent Business Software Alliance/IDC global software piracy study, 90% of the software used is Zimbabwe was found to be illegal. Several other nations, including Zambia, Botswana, Nigeria, Tunisia and Kenya, were found to have piracy rates above 80%. The situation in South Africa is perceived to be slightly better, at a level of 36%, which is just above the global average of 35%.”

Barry argued that this scenario was from an information security perspective problematic since computers using illegal software were generally not able to access the regular “patches” brought out in response to security threats.

“As is known, unpatched computer systems become sitting ducks for cyber-criminals looking for “botnets” (armies of computers that have been taken under the control of someone for the purpose of sending out spam, phishing emails, or other illegal activities).

Barry’s research and that of other security research groups indicates that African networks were increasingly targeted by cyber-criminals. Most South African Internet users will be only too aware of the dramatic increase in phishing attacks as criminals target bank customers through fake emails.

Fortunately, there are signs that the threats are being recognised and that action is being taken in some areas. For example, Tunisia and South Africa have both established national Computer Security Incident Response Teams (CSIRTs). 

However, if serious consequences for the continent are to be avoided, much more would need to be done. “Specifically, African ‘botnets’ would need to be locked down, and phishing and spam be confronted more aggressively,” Barry said.

He noted that this will require a multi-faceted approach, including self-regulation by the ICT industry, identification of insecure operators including “naming and shaming”, and improved user education.

Barry’s address to the delegates at the ITWeb Security Summit was well received as being a timely warning. Subsequently Barry was invited to repeat the presentation at the North Africa Com communications congress to be held in Egypt in October 2010.