How Africa could become first line of defence in cybercrime fight

Across the continent, countries have seen a marked increase in cyberattacks targeting critical infrastructure, financial systems, and public services. Yet, in many instances, African governments, companies, and organisations’ cybersecurity measures have not kept pace with the rate of development.

And while the continent’s rapid digitalisation is a welcome catalyst for innovation, Interpol found that cybercrime now accounts for over 30 per cent of all reported crimes in West and East Africa and that two-thirds of African countries classify cyber-related incidents as medium- to high-priority threats.

Most countries on the continent lack a comprehensive national cybersecurity strategy, which hampers effective defence and enforcement measures. For example, the AU Malabo Convention, which focuses on cybersecurity and personal data protection, has been ratified by only 15 African Union member states so far.

Given the growing risk landscape and the lag in policy adoption, the role of emerging technologies such as artificial intelligence has become increasingly pivotal in shaping both the threats and defences within Africa’s digital ecosystem.

Artificial Intelligence (AI) is playing a transformative role in cybersecurity defence strategies, enabling defenders to synthesise vast data sets, detect novel threats and respond more rapidly than ever before. However, cybercriminals are also harnessing the power of AI, trialling emerging tactics, such as fake digital IDs, across Africa’s evolving attack surface, because of perceived and real inherent weaknesses in the continent’s cyber defences.

Africa is increasingly being targeted by identity-based and AI-driven threats – and AI has significantly reduced the time attackers need for reconnaissance. AI-generated content is flooding digital spaces, overwhelming detection systems and enabling deepfake-enabled fraud, voice cloning, and the creation of synthetic identities at scale.

AI-generated IDs are now often more convincing than real forgeries, growing by 195 per cent globally in usage. Africa’s need for strong digital identities is more pertinent now than ever. This, backed by reducing legacy infrastructure and well-resourced cybersecurity teams to be able to respond and adapt, is critical to national security and economic growth. Business Email Compromise (BEC), phishing and other digital identity theft are prevalent, increasingly being exploited as organisations migrate to cloud services without adequate security controls.

AI allows attackers to create phishing emails tailored to local languages and cultural contexts and launch attacks much faster and to quickly analyse stolen data, enabling them to identify valuable information for ransom demands more efficiently.

Cybercriminals are also using AI-generated content for impersonation, extortion, deepfake-enabled fraud, and voice cloning tactics that are more potent in Africa because of the widespread use of non-business productivity tools such as WhatsApp for business engagements. For example, cybercriminals may complete a SIM swap and impersonate a company’s CEO, chief financial officer (CFO) or other key business leaders. By the time the SIM is restored, attackers could have caused significant disruption or loss.

Cyber threats increasingly challenge economic stability. Cybercriminals are leveraging emerging technologies to attack with both greater volume and more precision than ever before. Because of this, international collaboration among defenders will be critical to define new coordinated defences.

Africa has a unique opportunity to lead in combating new threats, helping to shape the future of cyber defence. African SMEs are at the frontline of cyberattacks. Small and medium businesses make up nearly 90 per cent of businesses in Africa, driving employment, economic growth and, in many instances, innovation.

As these businesses digitise, adopting cloud services, mobile platforms and e-commerce, they are both targets and defenders in the cybersecurity arena. South African SMEs face 143 per cent more attacks per user than larger firms, while 67 per cent of Kenyan SMEs report more incidents during digital transitions. A breach in one SME can ripple across supply chains or financial networks and even government services. However, the converse is equally true: a well-defended SME sector that is responsive to identifying new tactics strengthens the entire digital infrastructure.

Securing SMEs is essential to securing Africa’s broader digital ecosystem and, in turn, by sharing this information among international collaborators, helping strengthen defences globally.

SMEs should approach cybersecurity as a top priority, on a par with any financial or legal issue. While small business owners might tend to deflect or delay introducing cybersecurity measures due to concerns about cost or a lack of resources or understanding, they should regard building from the ground up cyber defences as a vital part of protecting their investment.

African SMEs are not burdened by legacy systems to the same extent as larger organisations on the continent. The pace of change in the threat landscape means that it is necessary to rethink the approach to cybersecurity.

Attackers are simply looking for the weakest path into the business, and a siloed approach opens up areas for exploitation in most defences.

Cloud-based security options are becoming increasingly affordable for small businesses, while endpoint protection and multifactor authentication can secure devices and accounts. Research has shown that multifactor authentication reduces the risk of identity compromise by more than 99 per cent.

Cybersecurity must be embedded into the fabric of organisational strategy and addressed regularly as part of risk management. Culture and readiness are key factors – human defences, no matter how good they are, are inadequate alone without the right technology to support them. Even the most vigilant person can fall for a ploy or tactic if it is good enough.

Cybersecurity professionals must challenge themselves to focus not only on perimeter-based security models – preventing the breach – but also on what happens once a system is compromised. 

Assume breach prioritises containment, rapid detection, and response over prevention alone. By prioritising containment, segmentation of critical assets, anomaly detection and behavioural analytics, organisations can limit damage and recover faster. This, along with Zero Trust, continuous monitoring, least privilege access and multifactor authentication, adds an essential layer of protection.

Africa’s SMEs are no longer passive recipients of cybersecurity solutions; they are active architects of a safer digital future.

Operating in resource-constrained environments encourages SMEs to develop creative, cost-effective cybersecurity solutions such as mobile-first security tools tailored to local usage patterns, community-based intelligence sharing and partnerships with regional cybersecurity hubs and incubators.

Through these actions, African SMEs are in a unique position to identify regional threat actors and tactics.

Businesses and governments that invest in cybersecurity proactively are more agile to adopt new technology (like AI) safely and are therefore nimbler to scale business opportunities, reduce costs and increase service delivery. By investing in and embracing modern defence strategies, African SMEs can lead the charge against evolving cyber threats.

This spirit of innovation, combined with sharing and receiving real-time threat data about emerging tactics with regional peers, industry groups and governments, could have a profound impact, not just for the continent, but for the world.

The writer is the Microsoft Chief Security Advisor, Africa.