A number of African countries including South Africa, Nigeria, Angola, Egypt, Mozambique, Tanzania, Niger, Morocco and Tunisia have reportedly been attacked by the recent “WannaCry” ransomware malware that hit institutions around the world. Ransomware is a type of malicious software designed to block access to data or a computer system until a sum of money is paid. The ransomware attack has compromised mostly public institutions and businesses in over 150 countries. The malware, which has gone by multiple names, including WannaCry, WannaDecryptor, and WannaCrypt threatens to erode Internet trust and cripple businesses.
While, the incidents are widespread and expected to continue, they beg two questions:
Should Africa be alarmed by cyberthreats, such as this recent attack?
Does Africa have the cybersecurity preparedness and capacity to deal with these types of threats?
Africa is home to some of the world’s fastest growing economies, with Internet playing a catalytic role to this growth. Africa’s Internet penetration rate is 27% (Internet World Statistics, March 2017) and the mobile penetration rate is 47% (GSMA). Without a doubt, Africa has experienced explosive growth in the use of technology and ICTs in recent years. African hospitals, banks, government institutions, and other organizations rely on computers and the Internet – any interruption can cause major damage to their economy and society. There is no doubt Africa should be as concerned as the rest of the world about these kinds of cyberthreats.
To answer to the second question, we need to discuss how Africa can prepare against such risks. No one person can solve these problems alone. The Internet is developed and managed thanks to the contribution of many stakeholders from around the world and the solution to cybersecurity is no different. Everybody should contribute to making the Internet safe. An individual or organization who doesn’t protect their computers endangers the whole the Internet.
Africans have a role to play in making the Internet safe for them and for the rest of the world, though there are some challenges ahead. Africa lacks adequately skilled professionals, it has limited public awareness on the risks of cyber attacks, it lacks knowledge of cyber law enforcement mechanisms and lacks practical regulatory guidance from governments, etc. The Africa Union Convention on Cyber Security and Data Protection is a great tool and recognition that African policy makers acknowledge the problem of cyber security – but it is not a silver bullet. All stakeholders at the regional, national, organizational, and individual level should work together to mitigate the risk.
The Internet Society urges a multi stakeholder approach in resolving these challenges. Olaf Kolkman’s blog It’s Up To Each Of Us: Why I WannaCry For Collaboration details the Collaborative Security approach, while Niel Harper provides tactical “how to” advice in 6 Tips for Protecting Against Ransomware.
In addition, ISOC and its partners at the Geneva Internet Platform/Diplo Foundation are organizing a webinar about WannaCry on 18 May 2017 at 11:00 UTC, which is open to all. You may also be interested in this detailed collection of WannaCry information from GIP Digital Watch: WannaCry: The ransomware cyber attack explained.