By Teddy Daka, Ansys CEO
Anyone who studies the economics of our continent soon stumbles upon some well-documented facts about South Africa.
Facts such as we account for 35% of the entire GDP of sub-Saharan Africa and Gauteng alone accounts for 10% of the continent’s wealth.
The few square kilometres that connect the Sandton and Joburg CBD makes up the majority of that.
There’s an argument about whether or not South Africa or Nigeria has the largest overall economy, but there’s no doubt ours is more high tech.
By some reports, smartphone penetration in South Africa is up to 60%. That may be an optimistic guess, but suffice to say that we’re way ahead of anywhere else.
Our big industries are digitising at a rate of knots, and our public schools are adopting paperless teaching methods that rival many of our richer international peers.
So why is it, against this backdrop of technological and economic sophistication, that when the International Telecommunications Union (ITU) released its 2017 Global Cybersecurity Index in July this year, South Africa doesn’t even figure in the top five sub-Saharan Africa countries?
The list of countries ranked as being more committed to cybersecurity includes Mauritius, Kenya, Nigeria and Rwanda – despite the fact that South Africa is reported to lose much more money to cybercrime and be one of the global hotspots for identity theft.
The truth is that as the population has become more connected yet the spending on cybersecurity and awareness hasn’t kept up – or been joined up.
The policy is moving in the right direction with the Cybercrimes and Cybersecurity Bill, but there’s still a huge drag between policy developing and the threats evolving. And our approach is haphazard at best: we have some of the world’s best security professionals in South Africa, but the ITU scores us low for public-private partnerships and interagency co-operation on cybersecurity issues.
We need to move to a cybercrime regime that is proactive rather than reactionary; develop laws that have measures in place to tackle new threats as they arise; create an informed citizenry and arm them with the tools to defend themselves online.
True, the digital revolution has been rapid. We’re certainly not alone when it comes to being caught off guard by rapid take-up of smartphones and the complex security and habits that must be developed around them.
Every country is fighting to educate its citizens about over-sharing personal details on social media, and in African countries that struggle is compounded by poor standards of IT education and lack of access to traditional PCs in many of our schools.
But even in our corporate world, there are mixed experiences. Our financial houses were among the first in the world to adopt mobile security and two-factor authentication, for example, but elsewhere we still see many large companies that don’t have a functional internal security policy.
Where they do exist, the chances are that they’re based on outdated notions of best practice.
Our challenges aren’t unique, but we must look to locally developed solutions that take account of our citizens and businesses’ needs. As security professionals, we have to understand how people use technology and make it easy to protect it.
It’s simply not good enough to say that responsibility lies with the end user when we’ve already taken away their agency by providing complex hardware with poor documentation and no obvious update mechanism to guard against new threats.
We need to produce solutions that are simple to use, and comprehensive. That help user understands the dangers rather than attempt to baffle them with jargon.
South Africa may be the dominant force in sub-Saharan ICTs, but our digitisation journey has only just begun, and it will only get more dangerous if we don’t act now to travel it responsibly.