The world is going digital. Is Africa prepared to meet the associated demand? Unfortunately many African countries are not addressing the challenges and tapping into the benefits of Information security.
Here are some of the causes:
The digital divide is still a problem for most African countries –the majority of the African populace, especially those living in the rural areas are still “offline”. Even in the urban areas many are still attempting to ride the dead horse of the old economy. To others ICT isn’t an enabler, there is no connection between ICT deployment and business strategy. Open hostility may even be displayed to ICT related developments. ICT is seen by such people as a “bottomless pit” into which business pours money.
Lack of understanding of what Information security means is a major societal challenge. Most people online are unaware of the threats and the significance of the threats. It’s strange but people still fall victim to recharge card and the “Bill Gates is giving away all his money” scams. Access and consumption is the main focus of many. This demand for digital access and inclusion is justified, as Africa cannot afford to be left behind in the digital revolution. But how many know that the same PC that helps you to get the job done faster can also be a welcoming mat for danger?
Lack of interest in education and training
Lack of understanding is compounded by lack of interest in security education. Security is a serious issue but there is very little demand for security education. Even for the corporate environment, the belief is that “crime happens to someone else”. There is an “it can’t happen to me” mentality. Security education is not regarded as a priority. Instead the interest and demand in the ICT education is for user and the core professional skills. Which is more important – how to provide an ICT facilitated service or how to secure such a service? What is the value of the insecure database masterpiece? What is the value of a network that does not work due to incessant attacks? The low demand for security education is also a reflection of the low level of security awareness in the environment. The feeling that security education is a luxury and not a necessity is still strong within circles that should know. “It should be common sense”. “Security skills can be picked up by professionals as they progress in the field”. Developing security expertise should never be reduced to gambling or “trial and error” experimentation.
Direction of governments is unclear
Although several African governments have developed security and ICT policies, implementation is a major challenge. “Paper policies”? There is a need for clearer policy direction. And how realistic are such policies? How much has been invested in terms of time, education, personnel, etc? What are the priorities? Is deployment effective? Is content relevant? How committed is leadership? How effectively are resources mobilized and deployed? Are the policies government “shows” or are other stakeholders involved? How well integrated and prioritized are the policies within national development programs?
Most measures taken on Information security are reactive in nature, e.g. going after the “Yahoo boys”. To many policy makers Information security is simply a buzzword that makes the right noise. Quality will take a back seat where issues such as planning, research, monitoring, human resource development and statistics are not given the right attention. Haphazard half measures won’t work. There is a need for a better focus and coordination of efforts rather than playing to the gallery.
Low confidence exhibited in Africa’s e-business structures
The poor attention paid to Information security has affected the growth of e-business in Africa. It isn’t enough for banks and merchants to churn out e-business products and services. Is the environment right? Does the environment breed confidence? In the deployment of e-banking what have the banks and other stakeholders in the e- payment industry done to promote an environment of trust. It isn’t enough to throw money at the problem. Investors and key stakeholders – local and foreign – will not take e-business serious in an insecure environment.
Law Enforcement/Security/Intelligence Agencies Gap
Information security is about crime. However, a major challenge is that of empowering law enforcement in the digital era. The ICT infrastructure of law enforcement requires massive improvement. The “analogue” days of law enforcement are over. And the crime fighters must be equipped with critical and relevant skills for knowledge economy security and intelligence. Security and intelligence activities today cover more than the physical and the tangible. Information security requires not just ICT knowledge but ICT enabled intelligence. There is a need for skills to deal with the threats associated with Information infrastructure, products and services enabled by ICT.
Shouting and moaning about cybercrime isn’t enough. There is no need for drama and theatrics. You simply cannot police what you don’t understand. Information security requires the support of law enforcement. Otherwise cybercrime will thrive. Law enforcement agents must have the skills, know-how and necessary insight to fight knowledge economy crime. It means knowing how to encourage whistle blowing, identify threats, protect assets and arrest offenders. Private security operatives and interested members of the legal profession who want to take advantage of knowledge economy opportunities may also find it useful to develop skills in Information security.
HAVE YOUR SAY: Mention other Information Security challenges that Africa must address. Please share your comments, thoughts and opinions.
Innovation and Development Advisor, ICT at Jidaw
ICT Development Advisory Support and Consulting