Africa Has World’s Lowest Commitment To Cybersecurity. Kenya’s Safaricom Wants To Change That
There are hopes that African cyberspace could become more secure and the continent can improve its position in global cybersecurity rankings as one of its leading operators moves to secure its mobile money network.
Leading mobile operator Safaricom plans to start using photos to identify people using its M-Pesa platform in an effort to cut down on fraud, according to a report earlier this month by Kenyan national Business Daily.
There have been numerous cases of fraud via M-Pesa, as there have on other mobile money networks across the continent, and in a bid to combat this Safaricom has said it has distributed about 25,000 pre-programmed smartphones to its mobile money agents to be used in the registration of new SIM cards.
The process apparently involves capturing images of the faces of SIM card owners, and then storing digital copies of these for retrieval during M-Pesa transactions. The phones are linked to the Registrar of Persons’ database, which will help to verify the data.
This is a step in the right direction, yet it is imperative that Africa as a continent does better. With cybercrime on the increase globally, and recent major attacks such as WannaCry, which infected millions of computers across the world, more must be done to secure cyberspace.
The continent has been especially poor at doing so. According to the recent International Telecommunications Union (ITU) 2017 Global Cybersecurity Index, which measured the commitment of member states to cybersecurity, Africa’s level of commitment is the lowest globally.
Only two countries on the continent – Mauritius and Egypt – are in the leading stage of demonstrating high commitment to cybersecurity, while many of the rest have only made it into the maturing stage. Such countries include Kenya, Rwanda, Nigeria, Uganda and South Africa. Africa also hosts the least committed countries globally, namely Equatorial Guinea, the Central African Republic and Guinea-Bissau.
This must change if African countries and companies are to combat the growing threat in order to protect the increasing number of internet users on the continent.
Data safety in the context of cybersecurity
The new M-Pesa registration process has led to some concerns over the safety of an individual’s data, but Leonard Kore, a senior analyst in telecoms and media at the International Data Corporation (IDC) in East Africa, said the digitization of records is always a good thing, especially on mobile money platforms.
“This ensures transparency and accountability for both users and agents. Digitizing records also enables quick search look-ups for past mobile money records or transactions as opposed to pen and paper formats,” he said.
Kore added that there are other useful reasons for digitizing mobile money data.
“For example, in Kenya, banks and other smaller microfinance institutions are now using mobile money records to award bank loans to users. This is particularly useful for small businesses and individuals without mobile money records,” he said.
What is interesting about the move is that Safaricom is obviously keen to lift its customer security levels to be on a par with those of commercial banks, a move that should be applauded given the extent to which M-Pesa has been used for fraud.
Kore said that security is a concern with all digitization processes.
“But key security breaches will revolve around third party applications and integrations, while social engineering is always a concern,” he said.
“Looking at key platforms such as Safaricom’s M-Pesa, the telco has done a good job in terms of security. However, there are issues revolving in fraud where social engineering or con games which take place, so users have to be vigilant.”
More institutions and companies need to follow Safaricom’s lead, especially as cybercrime on the continent increases.
According to global cybersecurity company Kaspersky Lab, there were around 476 million cyber attacks globally last year, up from 224 million in 2015. In the first quarter of 2017 alone there were 2.26 billion cyber threats.
The African figures are especially concerning, with 42.8 percent of South African internet users affected by local threats, and those in Algeria, Tunisia, Morocco and Egypt also at high risk. Cybercrime has increased exponentially in West Africa since 2013.
Kore said cybersecurity can be an expensive business.
“It is very costly of course, if you check industry stats on how many transactions are being processed per minute and global threats such as ransomware,” he said.
Safaricom’s move may only be a baby step designed to secure one network, but it should be used as an example of how Africa can develop to keep people safe online.
Tom Jackson is the co-founder of tech news and research platform Disrupt Africa and a journalist covering innovation on the continent from the Cape to Cairo.