Cyberlag: African security is as lax as its weakest link

More regulation is needed to tighten African cybersecurity.

Computer Facilities is a small direct marketing agency, based north of Johannesburg in Randburg, which lists just 27 employees on LinkedIn. Mid last month it was responsible for a 1.7 million customer data breach for Nedbank, one of South Africa's largest banks.

Safe to say, Nedbank is a sizable operation. It employs 31,277 people and operates through subsidiaries and external outlets across eight African countries, including Kenya and Angola, as well as neighbouring regions. Its hacked customer data included names, ID numbers, telephone numbers and even email and physical addresses.

Nedbank CEO Mike Brown explained in a television interview for CNBC Africa that he understood the "responsibility" for the breach lay with Nedbank, although "nothing at Nedbank was compromised in any way". It simply had a weak data link through a principal supplier.

An anonymous security researcher interviewed by MyBroadband stated that Computer Facilities' security was lax. "Email addresses belonging to Computer Facilities staff come up in data leaks of usernames and passwords, and the passwords are extremely weak," read the editorial. "Some are simple dictionary words and others are words followed by a short series of digits."

MyBroadband added that this shows that staff "are poorly educated in proper security practices - not unlike many other corporate users in South Africa".

Big banks and other large corporate operations may have best-in-class security measures in their own organisations but they're still only as strong as their weakest supplier. And evidence suggests that across Africa - even within the better developed, more prosperous markets, like South Africa - cybersecurity is lagging behind other parts of the world.

Africa is over targeted and under regulated
