Alongside birth, death and taxes, the only other guarantee in our current lives is the exponential growth of digital threats, according to a cybersecurity expert, Dr Melanie Garson.
“Yet misperceptions over cybersecurity — particularly that it is complex, costly, onerous and even futile — has led many emerging economies to leave cybersecurity behind as they seek to join the Fourth Industrial Revolution. But without mature cybersecurity policies, states might find themselves unable to fully realize the potential of their digital economies’’, Garson, who is the policy lead for Europe, Israel and the Middle East in the Internet Policy Unit at the Tony Blair Institute for Global Change, wrote in Techcrunch.
She said reframing cybersecurity as a path to opportunity and competitive advantage in the development of innovation ecosystems could be the key to increasing individual states’ cyber resilience, as well as strengthening the global digital ecosystem for all.
Innovation or security?
As 10 billion devices are set to join the Internet of Things (IoT) by 2025, emerging digital economies are vying to be at the center of this revolution. In 2020, about $2.4 billion worth of investment was deployed in African startups and Africa’s e-commerce sales are projected to reach $75 billion by 2025. It is home to half of the 40 fastest-growing emerging and developing countries and is currently the most entrepreneurial continent. This trend will only accelerate as initiatives to close the digital divide by 2030 connect the remaining 78% of the population to the internet.
But as internet access expands, so too, will global cybercrime. Experts estimate that cybercrime will cost the world economy $10.5 trillion annually by 2025. While digitally advanced nations have responded by bolstering their cyber defenses, Africa’s innovation ecosystem remains one of the most under-protected globally.
Only 10 out of 55 African countries have ratified the African Union Convention on Data Protection and Cybersecurity (the Malabo Convention) and Africa continues to be the lowest-scoring continent on the International Telecommunication Union’s (ITU) Global Cybersecurity Index. Despite ITU and World Bank initiatives, only 29 countries in Africa have any type of cybersecurity legislation and only 19 have cyber incident and emergency response teams. This leaves African economies exposed and African leaders outside of the bodies shaping global cybersecurity policy.
When viewed globally, Garson said, this rapid investment in innovation systems without concurrent investment in security creates a digital maturity-security paradox, in which attackers can exploit the gap between these two levels of maturity. In turn, those entities within the states and the states themselves are left doubly exposed and vulnerable as they become low-hanging fruit susceptible to opportunistic and malicious cyber criminals.
But the Director General, National Information Technology Development Agency (NITDA), Kashifu Inuwa Abdullahi said as part of cybersecurity initiatives of the Federal Government, the agency had established the Computer Emergency Readiness Response Team (CERRT) in response to the increase in the rate of cybercrimes and in fulfilment of the requirement of the National Cybersecurity Strategy.
“NITDA-CERRT functions as a government CERRT, coordinating and facilitating information sharing, providing mitigation strategies and recommendations for the incident response and recovery, researching and analysing trends and patterns of incident activity for Government Ministries, Departments and Agencies (MDAs) with extension to the private sector as well,” he said.
Abdullahi added that the agency had engaged in different strategic awareness campaigns and training on cybersecurity, with efforts to have a secured cyberspace for Nigerians, through cyber-monitoring centre that monitors, coordinate and support its constituency’s ICT Infrastructure.
He said, “We have help desk where both the private and public organisations in Nigeria can report cyber-incidents. This centre also engages in building collaborative platform and Cyber-Threat Analysis.’’
Cybersecurity fight or flight?
Meanwhile, Garson said it would be logical to assume that the increase of cyber incidents — and the sticker shock costs associated with them — should lead to increased cybersecurity. Yet, counterintuitively, the narratives of cybersecurity that spur action in the West either lead to policy paralysis or restrictive knee jerk reactions, she added.
As game theorist and Nobel laureate Thomas C. Schelling noted, “there is a tendency in our planning to confuse the unfamiliar with the improbable … what is improbable need not be considered seriously.” Many digitally developing states consider themselves outside of the great power politics that underpin malicious cyber activity. It seems improbable to them that they would be victims to the magnitude of action witnessed in Russian-U.S. cyberspace confrontations, the China-U.S. race for digital supremacy, or the Iran-Israel digital war of attrition. Protecting from such cyberattacks is low on the list of policy imperatives.
Digitally advanced nations have responded to the rapid proliferation of cyber threats with cybersecurity mechanisms such as new legislation with draconian punishments for failure to report cyber incidents and ransomware payments and coordinated international initiatives to paralyze ransomware gangs such as REvil. At the other end of the spectrum, digitally developing states are often ill-incentivized and ill-equipped to unravel the perceived complexity of cybersecurity measures required to address these threats.
This is compounded by a wariness of Western cybersecurity paradigms, which many see as a form of potential technological neo-colonialism. Demands for regulatory compliance, adoption of norms and purchase of Western cybersecurity technologies are often perceived as stifling these nations’ opportunities for growth. And, attempts at trying to shame states into cybersecurity compliance can be perceived as an attack on their sovereignty, which could backfire and drive states to seek alternative paradigms such as internet shutdowns that may ultimately threaten their access to the benefits of the free, open and interoperable internet.
More frequently, though, leaders often react to overwhelming threats with paralysis — and fail to act at all.
It is the CISO’s mantra that cybersecurity is a team sport. In the global context, this means ensuring that developing digital economies want to be part of the team. To achieve this cybersecurity needs a radical makeover.
Radically reframing cybersecurity
Garson said cybersecurity advocates can start by reframing cybersecurity as an opportunity to build a vibrant and resilient innovation ecosystem rather than a burden or a restraint. New narratives that emphasize the attractiveness and value of cybersecurity are needed to counteract perceptions of unreasonable standards that stifle innovation.
“For instance surveys show that cybersecurity and data privacy is a major source of competitiveness for retailers, outranking even price sensitivity. Meanwhile, recent U.S. and British initiatives, like the new State Department Cyber Bureau and the U.K.’s National Cyber Strategy 2022 have highlighted strong cyber ecosystems as strategic advantages.
“Governments of mature digital economies, multilateral institutions and cybertech providers should emphasize that those states able to protect themselves will be the most sought-after partners in the digital revolution. They will also be those able to shape global conversations on cybersecurity’’, she added.
Value of safer net for Nigeria
A vibrant and competitive digital economy that leads to prosperity for all requires open and interoperable networks that are trusted, safe and secure. States that are able to leverage best practices to secure their innovation ecosystems will lead the way in disruptive development. But to induce states, SMEs and individuals to take cybersecurity seriously requires a shift from advocating policy built from fear toward policy built on an optimistic rationale for cybersecurity, said Garson.
Changing the narrative also requires digitally mature states to provide sustained support to those more vulnerable. This is more than digitally developing states being just a market for cybertech exports and cybersecurity strategy blueprints, but a commitment to helping develop the infrastructure that unleashes the benefits of cybersecurity locally and globally. Through a radical reframing of cybersecurity as an opportunity, states and societies can work together to ensure that innovation systems built on safe digital inclusion can create a safer net for all and the potential of the internet as a force for good will be realized.