Nigeria's new data law; Anonymous Sudan, again
and more infosec news from across Africa
CybAfriqué is a weekly newsletter covering news and analysis on cyber, data, and information security on the African continent.
Nigeria’s New Data Protection Law
On June 14, Nigeria’s new President, Bola Ahmed Tinubu signed a new data protection bill into law. The bill, which was first developed by the Nigeria Data Protection Bureau in October 2022, provides a legal framework for the protection of data in the country. Until now, data protection was covered rudimentarily across a bunch of related regulations, mainly the 2015 Cybercrimes (Prohibition, Prevention, etc.) Act, the 2007 National Identity Management Commission Act, the 2019 Nigeria Data Protection Regulation, and the 2021 National Cybersecurity Policy and Strategy.
Both the 2019 NDPR and the 2021 National Cybersecurity Policy and Strategy provides a pretty extensive regulations on data protection in the country, but the regulations have barely been followed. Numerous breaches and data violations have occurred with little to no repercussions. One of the improvements of the new bill apart from providing a central policy and framework for data protection is that it covers specific things such as how data is processed and regulations on who can store or process data – which seems like a prelude to taxing and licensing.
The most important feature, in my opinion, is that it makes provision for a commissioner and governing circle with the authority to enforce the policy. This makes enforcement much more easier, and hopefully, might lead to better data standard because as I’ve covered before, the bar is in hell at the moment,
Anonymous Sudan Successfully DDOS’ed Microsoft
Anonymous Sudan – the Sudan-claiming Russian-seeming hacktivist group – caused an outage of Microsoft cloud and email services. On Friday, Microsoft admitted that the outage had been due to targeted DDoS attacks which began in early June from an entity identified as Storm-1359. Microsoft did not explicitly identify Storm-1359 as Anonymous Sudan, but Anonymous Sudan has since claimed responsibility for the attack and has been gloating over it since before then.
Microsoft said the attack targeted layer 7 instead of the usual layer 3 and 4. The attackers used an extensive network of bots and virtual servers to bombard Microsoft with millions of https requests, bypass cache protocol, and carry out a slowloris attack by responding slowly or not responding at all to request response.
Big picture stuff
SMEs in Africa face several cybersecurity challenges. They often have limited resources to invest in advanced security solutions and are often run by people who lack cybersecurity awareness and knowledge. This piece argues for the importance of providing accessible protection for small and medium sized enterprises in Africa.
Governments, especially in the Global South, are getting increasingly bolder with internet restrictions. In In 2021, there were 50 internet restrictions across 21 countries. But amidst growing digitization, these restrictions take a heavy toll on the economies and finances of ordinary people. This article by Omoleye at Technext analyzed the economic price of internet shutdowns and restrictions.
South Africa’s biggest cybersecurity threat, as argued by this piece, might be the human factor and not subpar infrastructure.
We’ve talked about Nigeria’s new data protection law, but here’s why it may not benefit its digital economy.
Also, check out the EU Cyber Diplomacy Initiative’s publication on “priorities and perspectives on African confidence-building measures in cyberspace.”
Headlines
The 2023 General Assembly of the African Cybersecurity Circle is happening in Dakar, tomorrow. – Africa Cybersecurity Magazine
Tanzania’s Institute of Accountancy Arusha (IAA) is partnering with the police force to provide professional cybersecurity and anti-cybercrime trainings. – Dailynews Tanzania
Nigerian fintech Glade lost $214,000 to an internal hack. - TechCabal
Benin’s CRIET arrests nine cybercriminals, and four major scammers. – Le Matinal
Nigeria is working on a practice code for ChatGPT and other generative AI models - Regtech Africa
In Kenya, Meta is appealing the court’s ruling on its moderators. - TechCabal
Nigeria’s Globus Bank was hacked through a USSD glitch. - Business Post
The Development Bank of South Africa suffers a ransomware attack by the Akira gang. - The Record
Angola is starting a cybersecurity academy. - Angola Press Agency
Across the world
Hackers are threatening to leak data stolen from Reddit. – Techcrunch
How Huawei got caught spying. – Bloomberg
Post note
Remember to share. See you next Tuesday!