More than 90 percent of African businesses are operating below the cyber security poverty line
Africa must develop a comprehensive approach to protect its businesses and personal data in light of increasing cybercrimes worldwide.
In a joint workshop between NEPAD and Pan African Parliament committees on the African Union Commission Convention on Cyber security and Personal Data Protection, legislators were urged to interest their nation states to develop an enabling environment to facilitate electronic commerce and transactions and enact cyber security and personal data protection laws.
"According to a worldwide study, cybercrime costs almost $500 billion with hundreds of millions of cyber attacks taking place in Africa every year," said Abdou Rahman Mboob, NEPAD's ICT expert adding that "banks and institutions have been targeted by hackers with increasing frequency."
Abdou Rahman was making a joint presentation to the PAP Committee on Trade, Customs and Immigration, and the Committee on Transport on Wednesday in Midrand, South Africa.
The expert cited the Africa cyber security report of 2017 whose findings indicated that more than 90 percent of African businesses were operating below the cyber security poverty line, the point below which a business cannot effectively protect itself. He elaborated that cybercrime takes the form of fake news, ransomware, insider threat, cyber pyramids, mobile money and internet related crimes, cyber bullying among others.
He said that it was in this regard that the African Union Convention on Cyber security and Personal Data Protection (AUCC/Malabo Convention) was adopted at the 23rd Ordinary Session of the Assembly of the African Union Heads of State and Government meeting on 27 June 2014.
The convention, which is touted as a positive step for the continent in standardizing the approach to regulation of electronic transactions, personal data protection and cyber security is yet to meet the 15 ratifications required for its entry into force. With signatories from Benin, Chad, Comoros, Congo, Ghana, Guinea Bissau, Mauritania, Sierra Leone, Sao Tome and Principe, and Zambia; there have been only two ratifications from Senegal and Mauritania.
The Chairperson Committee on Trade, Immigration and Customs, Mc Henry Venani from Namibia, said the issue of cybersecurity was fundamental with regard to intra Africa trade and that with cyber attacks on businesses worldwide, Africa had not been spared. Venani noted that a lot of intra Africa trade will be along online systems hence the need for an enabling environment that secures such transactions.
Felix Okot Ogong suggested that there should be an African body that looks at cyber security and data protection at continental level, which then gives impetus to the need for nation states to ratify the AUC convention.
"The world has gone digital and it presents with a lot of opportunities and challenges. Regulation is the way to go and African countries should ratify the Convention so that there is best practice in addressing cybercrime," he said.
The Africa cyber security report indicates that Uganda loses sh155b ($42 million) annually to cyber attacks.
Instances of cyber attacks are becoming common place in Uganda. Last year, Makerere University computer systems were hacked and 50 students deleted off the 2017 graduation list; in 2015, nine former MTN staff were convicted of stealing Shs3 billion off the Mobile Money platform; and several MPs and individuals in Uganda have lost millions of shillings to hackers who duplicate SIM cards and gain access to their personal data.
Such are but just some of the reported incidences but a lot of the cybercrimes go unreported. The AUC Convention on Cybersecurity and Personal Data Protection therefore, proposes an African response through establishing structures to implement cybersecurity defences and mitigate cybersecurity threats and vulnerabilities.
Parliament of Uganda in 2011 enacted the Computer Misuse Act with the aim to prevent unlawful access, abuse or misuse of computers. It provides for penalties and measures that law enforcement authorities can use to fight cybercrimes.
Pan African Parliament MPs are attending Committee Meetings in Midrand, South Africa from 2-10 August. Their deliberations will inform the reports that will be presented to plenary, which will meet in Kigali in October 2018.
Uganda's delegation to the PAP includes Jacqueline Amongin (Ngora); Prof. Morris Ogenga-Latigo (Agago North); Anifa Bangirana Kawooya (Sembabule); Felix Okot Ogong (Dokolo South) and Veronica Kadogo (Buyende).