Cybersecurity talent in Africa: The challenges we face and the solutions we need

Conrad Steyn, CTO and Head of Engineering for Sub-Saharan Africa at Cisco

Africa faces a significant challenge when it comes to the availability and distribution of cybersecurity talents and secure IT infrastructures. This is important because as the continent continues to undergo digital transformation, the need for security becomes more apparent. We have seen too many enterprises globally suffer from attacks that cost money or bring essential services to a halt. Something needs to change.

Facing this challenge, as well as new business circumstances that influence how we build and maintain our IT systems, we need to understand how we got here, how the world has changed, how people are working, and the various ways we can work together to instil change and nurture the next generation of security graduates and professionals.

Many attackers, few defenders

Africa has a shortage of required security skills. According to the 2022 Africa Cyber Security Outlook survey by KPMG, nearly two out of three responding enterprises reported having trouble recruiting and retaining qualified cyber professionals. This is amidst a surge in cybersecurity across all sectors to the point that, there are an estimated three million cybersecurity job vacancies globally, which is expected to grow to 10 million in the near future.

What elevates the severity of this shortage is the fact that cyber attackers and malicious actors continue to set their sights on Africa. Interpol’s Africa Cyberthreat Assessment Report shows that the agency’s partner company Trend Micro recorded more than 679 million email threat detections, 8.2 million file threat detections, and 14.3 million web threat detections between January 2020 and February 2021. At the same time, the report found over 90% of businesses operate without proper security protocols. From online scams and phishing to ransomware, data-harvesting and disrupting malware, attackers are doing everything to exploit the vulnerability of organisations’ networks, applications, and users across the continent.

Setbacks and growing trends

Made up of countries with unique legislative and technical complexities, Africa is set back by limited investment. While there is definite progress in countries such as South Africa, Kenya, Egypt and Nigeria, in terms of attracting investment, the rollout creates inequities and places these nations ahead of others. Though also continually growing, the still limited number of data centres impacts the continent’s overall level of data residency and retention.

Meanwhile, next to all the opportunities it creates, remote and hybrid working has introduced new challenges to organisations devising the ideal security strategy. As more and more employees work from different locations and become more reliant on Software-as-a-service (SaaS) applications, the security perimeter expands, and existing gaps widen. Cyber attackers are cognisant of this, and as such, organisations need to take extra steps to protect their networks.

Education and other solutions

When it comes to education, collaboration is the answer. For instance, managed services and security vendors are partnering with crucial learning institutions to introduce and offer ICT-based curriculums that cater to employment in the digital age and uplift graduates with the skills they need to excel. Vendors themselves offer online training and certification of their specific products and systems so that when exploring the job market, graduates have a firm grip on the tools and resources that companies worldwide use to build and secure their infrastructure.

The Cisco Networking Academy provides IT, networking, and cybersecurity skills that translate into real-world opportunities. Having just celebrated its 25th anniversary, the academy has provided training to more than a million people across sub-Saharan Africa. With hundreds of thousands of students spread across African countries, including South Africa, Kenya, and Nigeria, the academy plays a vital role in upskilling young Africans, promoting economic and employment growth and enabling participation in the global digital economy. Since the introduction of the Academy in Sub-Saharan Africa, more than 1.07 million people have been trained and upskilled. During Cisco’s 2022 fiscal year alone, more than 345,000 people were enrolled in Cisco Networking Academy courses across 50 countries in the region. The 2022 cohort also shows that the Networking Academy is making significant progress towards the meaningful inclusion and upliftment of women in the technology industry. In South Africa, 61% of the current intake of 82,219 students are female.

Additionally, The Cisco EDGE (Experience, Design, Go-to-Market, Earn) Incubation Center concept in Africa is a great example of a local, grassroots initiative that aims to share business knowledge, speed up entry to market and, and ultimately create new jobs for the local economy.

In light of the shortage challenge, managed service offerings that cover network, cloud, and endpoint security, as well as fully staffed security operation centres (SOCs) are becoming more popular with organisations. Cisco Edge launched a cybersecurity specialisation cohort across South Africa. This certified 11 small, medium, and micro enterprises as Cisco Express Security partners. Not every organisation has dedicated security teams or the expertise to deal with today’s evolving cyber threats. Therefore, these partnerships are crucial to help protect and future-proof businesses adequately.

Africa’s digital transformation can be accelerated through strategic partnerships between sectors and industry players, regulatory and standardised procedures, and prioritising skills development. We can shape it into a bastion of cybersecurity in the digital age and retain industry-leading professionals and systems that take us into the future and beyond.

 

By Conrad Steyn, CTO and Head of Engineering for Sub-Saharan Africa at Cisco