Mark Akinyode, group chief information security officer at Ecobank – a Togo-based banking group that operates in 35 African countries – believes that digital platforms in the region are becoming more attractive to cybercriminals due to the sheer value of transactions taking place.
“Most banks in Africa are now driving a digital agenda,” says Akinyode, whose banking group has a five-year strategy to reach 100 million customers in the region.
“Digital is being used as a platform for transacting financial services. Any bank that is not going digital will not [remain competitive] in the region. We have seen the growth in the footprint of digital technology in financial services. We have seen significant growth in the number of transactions and the value of transactions, including in mobile money. In 2020, there were 161 million active mobile money customers in the region transacting daily, according to a GSMA report. They transacted $465bn in 2020. That is huge.”
However, such growth comes with bigger risks, particularly when it comes to cybercriminals. “As the mobile money platform has expanded it has become more attractive to fraudsters,” says Akinyode. “The value of the transactions makes it so attractive.”
Africa’s financial cyber crime threat
Akinyode believes that cybercriminals have become a type of stakeholder in financial services. “There is no financial services organisation that puts together a strategy at board level that does not consider the cyber crime perspective, and that tells me that they are stakeholders,” he says.
He adds that the threats that African banks and their customers face are similar to those throughout the world. “If you look at attacks in the US, the initial attacks often start by phishing emails, so [African banks] have phishing emails like every other bank in the world,” says Akinyode. “We have identity theft because the criminal wants to be able to put a foothold into your environment through phishing, through emails or SMS messages. They think they need your identity to be able to exploit your environment. We face business email compromises. Ransomware is on the increase in Africa just like everywhere in the world. Data theft is also on the increase.”
Out of a total population of about 1.3 billion people in Africa, in 2018, the estimated number of certified cybersecurity professionals in the region was only 7,000, representing one for every 185,000 people.
“I am not really surprised by that number, considering the fact that cybersecurity is a relatively new industry in Africa,” says Akinyode.
“The reality is that it is a growing field and I feel that, over time, the gaps will definitely be covered. People are beginning to show a lot of interest in cybersecurity, partly through the awareness that financial institutions are doing. They realise this is real, this is quite interesting, and I think we will see a significant change in the number of people [qualified in] cybersecurity. Let me give you an example; universities in Europe offer cybersecurity as a degree – how many universities in Africa offer it? Very, very few, but, over a period of time, we are going to catch up with that.”
Cybersecurity career on the cards for Africans
Akinyode – who is based in Accra in Ghana – believes that financial inclusion is making people more aware of the opportunities that a cybersecurity career offers. “Because of the adoption of digital platforms, people are now aware that you can transact business from any platform,” he says. “People are now becoming aware of phishing, of scams, of business email compromise, and that is beginning to develop people’s interest. What you don’t know, you don’t get interested in.”
Akinyode adds that most people have been surprised by the rapid growth of digitalisation in Africa. “I remember some years ago when I used to live in the UK, I saw when mobile phones first went to Nigeria,” he says. “The growth of mobile phones there within the space of two years was a shock. Nobody expected that kind of growth, and we are seeing the same thing now in terms of the adoption of digitalisation in financial services.
“Knowing the ‘typical African man’, he likes to see cash before he releases the goods. However, we have now seen a transformation in the mindset; people are happy to see that the money has hit their account. People are beginning to trust in the digital platform more and more. I think governments have been a bit behind in latching on to this. It is a journey in terms of what governments are doing.”
The African Union Convention on Cyber Security and Personal Data Protection (known as the Malabo Convention) was adopted in June 2014, but, by June 2022, it had only been ratified by 13 out of 55 AU member states. What does this say about the wider commitment in Africa to tackle cybercrime?
“The number of countries that have signed up is low, but at least something has started” says Akinyode. “Since then, the Eco currency has been proposed in the Economic Community of West African States area and it is introducing its own cybersecurity act. Now we are beginning to see nation states – including Rwanda, Ghana and Nigeria – adopt cybersecurity acts. So we are beginning to see governments take responsibility in terms of regulation to control what is going on within their sphere.”