by Antony Mutunga
‘Africa must take full advantage of the digital revolution to empower its citizens and enhance transparency in government and the private sector’ – Rwanda President Paul Kagame during the high-level African Union (AU) Economic Commission for Africa (ECA) event on digital identity in Addis Ababa, Ethiopia in November 2018.
And Africa has indeed started taking advantage of the digital revolution, from increasing access to the internet for the ever-growing population to more businesses and institutions incorporating digital technologies into their practices. However beneficial, this has come with challenges as African countries have yet to invest as much into cybersecurity.
According to Brandon Muller, Kaspersky tech expert, and consultant in the Middle East and African region, 47% of industrial control system (ICS) computers in Africa have been attacked with malware compared to 40% globally. ICS, a collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process, have in the past yet to be connected. Still, with the digital era advancing, they are now connected and at the mercy of hackers and cybercriminals.
In Africa, some countries saw their ICS infrastructure compromised in 2022, with Ethiopia at the top (62%), followed by Algeria (59%) and Burundi (57%). Other economies include Rwanda (46%), Kenya (41%), Nigeria and Zimbabwe (both stand at 40%), Ghana (39%), Zambia (38%), as well as South Africa and Uganda (both at 36%). ICS attacks have been rising, primarily affecting the energy and mining sectors.
With cyber-criminals and hackers evolving with the advancing technology, more than traditional cyber-security is needed to protect industrial environments. Without the proper security, an infected USB drive is enough to penetrate an ICS network, according to Brandon Muller.
What happens during an attack is first, a reconnaissance takes place during the first part of the attack, which allows a hacker to survey the environment. Next, the hacker deploys tactics to get hold of the network by checking possible vulnerabilities. With this information, a hacker then launches malware to use the vulnerabilities; through them, they can cause changes to specific operations and functions or adjust existing controls and configurations.
Attacks against critical infrastructure have been increasing; thus, choosing the ideal approach to secure one’s systems is more crucial than ever. “ICS protection is geared towards operational technology (OT) security where it is all about cyber-physical companies such as utilities, mining, manufacturing,” said Muller.
Effective OT cybersecurity measures must therefore include industrial endpoint protection to prevent accidental infections and make motivated intrusion more difficult, OT network monitoring and anomaly detection to identify malicious actions on the level of programmable logic controllers, and dedicated expert services to investigate the infrastructure, conduct expert analytics, or mitigate the impact of an incident.
To avoid things like infected USBs and phishing emails that may compromise the network, companies must train their staff to prevent fatal human errors. Human error is one of the leading reasons for compromised ICS systems. There is a need for more investment and support to manage it. “This requires utility companies, mines, and others operating in the industrial environment to look at building a human firewall,” said Muller.
Organisations that rely on ICS systems can no longer stick with basic training as the industry registers growth; we need easily memorable, practical, and digestible training that will stick to the mind. Companies must provide training to ensure staff are armed with the latest skills and knowledge, especially given how quickly cyber incidents evolve.
African industries are crucial for the African economy; they account for much of the growth in the continent. Securing them from cyberattacks is essential, and updated cybersecurity is vital to ensure they do not fall victim to
evolving hackers. (
Email your news TIPS to Editor@nairobilawmonthly.com, and to advertise with us, call +254715061658 anytime of the day
