Christine Thembo, a cybersecurity consultant at Traverse Security, granted Telecom Review Africa an exclusive interview. The discussion revolved around the evolving threat landscape, emphasizing that cybersecurity has become a paramount concern for African governments and the private sector in 2024. Thembo explored the significance of implementing a National Cyber Strategy for countries and highlighted the valuable contributions of women in cybersecurity based on her experience in the field.
In what ways has the threat landscape evolved to make cybersecurity a paramount concern for African governments and the private sector in 2024?
‘We must first analyze the numbers from the year 2000 at the start of the millennium to the present day. The statistics are very clear and tell that cybersecurity should be at the top of the agenda for many countries in the year 2024.
Today, there are over 15 billion connected IoT devices worldwide, and that number is expected to double by 2030. According to the World Economic Forum, Al-generated misinformation/disinformation is listed as the 2nd top risk of 2024, together with cyberattacks coming in at number 5 right under the cost of living. This is a clear indicator that as technology capabilities grow around the world, so does the threat landscape.
The 2019 KnowBe4 African Report, with over 800 respondents, indicates that people living on the continent are not prepared for cyber threats. 65% of respondents across all eight countries are concerned about cybercrime, but the main challenge with African governments has always been the risk of not knowing what they don't know and not investing enough resources to measure the risk, independent of other regions and influences. When it comes to cybercrime, most have assumed that because of the slow technology penetration, this also means that cybersecurity is a farfetched risk, which isn't the case.
The unemployment rate in Africa is expected to reach 7% in 2024 according to Statista, and this means that as Africa, we face the challenge of creating meaningful jobs for the continent with the youngest population worldwide, because as of 2022, around 40% of the population was aged 15 years and younger. If not well managed over the next decade, we may find ourselves with the highest number of cyber criminals worldwide.’
What’s the importance of implementing a National Cyber Strategy for countries, taking into account the role of geopolitical factors in cyberwarfare?
‘National cybersecurity strategies (NCSS) are the main documents of nation states to set strategic principles, guidelines, and objectives, and in some cases specific measures, in order to mitigate risk associated with cybersecurity, while Cyber Warfare is defined as actions where a nation-state penetrates another nation’s networks or systems to cause damage or disruption.
A National Cyber Strategy in summary is a compass that guides a nation on how to set the right policies, systems, and processes in place to deal with the ever-evolving threat landscape in cybersecurity. However, it is key to emphasize that policies are not enough; most countries have defined very good policies but have not effectively implemented them.
An effective NCSS should address how to defend critical infrastructure, how to disrupt and dismantle threat actors, how to shape market forces to drive security and resilience, how to invest in a resilient future, and finally, how to forge international partnerships to pursue a shared goal.
Geo-politics has always been a factor in world peace, and today that fact rings truer with tensions rising in different regions of the world. That is why cyber warfare has been used as a tool to disrupt supply chains, shut down critical infrastructure, spread false propaganda and so much more.’
What foundational steps can governments take to establish cyber-aware systems and processes, ensuring robust cybersecurity measures are in place to protect sensitive data and critical infrastructure?
‘Cybersecurity is a collective effort, and because of the nature of the risk it presents, most governments are learning on the job because no one (country) has been here before. So, for governments to successfully establish cyber-aware systems and processes, first they must benchmark against countries that are doing fairly better than the rest. According to Cyber Express, Singapore, Netherlands, Sweden, Ireland, the US, UK, Denmark, Canada and Japan are the top 10 world nations that are constantly on top of the cyber preparedness chart, with a combination of responsible governments, consistently updated mitigation techniques, and state-of-the-art cyber hygiene practices.
[Note: it says top 10, but there are only 9 countries mentioned]
Once the benchmarking is completed, then a top-down system can be built. Governments have the sole responsibility to protect their citizens from ongoing cyber-attacks and crimes, meaning the country's policies, infrastructure, and trained personnel need to be established by the government first, then these policies can trickle down into the private sector corridors, NGOs, and finally to the individual level.’
How important do you believe women's contributions are in cybersecurity, based on your experience in the field?
‘The field of cybersecurity dictates that one can pay attention to the fine details. Fortunately, this is a skill most women carry naturally.
In my experience, women should not just be trained in the formulation of cyber policies and c-suite management positions but should also be empowered to take on the technical roles that entail defense and offense activities in any computer environment.
As much as there still is bias towards women in the field, I am also a strong believer that you can't dismiss a knowledgeable person, male or female. So women should commit and invest time in simply being the best they can be in whichever area of cybersecurity they choose to specialize in in order to build confidence for them to take up more roles in the field.’
