Strengthen Your Business Security (without extra IT staff)

Tanzanian banks lost TZS 10.3 billion due to (reported) fraud in 2023. You shouldn't. Here's our outline for today:

• Introduction (133 words).
• Common attacks (200 words).
• The causes of an attack (601 words).
• Solutions for cyber security (273 words).
• Conclusion (129 words).
• Total: 1336 words.

This edition takes about 5 minutes and 37 seconds to read silently (for the average reader at 183 words per minute).

Let’s get started.

I. Background

Today, we are going to look at another pressing IT issue. I invite you to approach cyber security in the same way that you would employ an armed watchman for your business (like banks do with their ATMs). You may also consider it as installing electric fences around your home.

But if you're anything like me, cyber security might be compared to hiring a team of virtual bodyguards for your computers and data.

Way too many Tanzanian businesses think, "We're just a small office; who cares about us?" Hackers love that attitude.

Modern cyber attacks are automated. They scan for thousands of easy targets at once. You don't even have to be unlucky—just unprepared.

II. Common Attack Methods and Exploited Vulnerabilities

As Tanzania's economy becomes more digital, companies of all sizes become more vulnerable to cyber attacks.

According to Statista, our digital commerce market will grow from USD 2.03 billion in 2024 to USD 2.72 billion by 2028.

These attacks can take many forms, and businesses must be aware of the potential risks. This is especially important if your operations rely on telco operators, the internet, or banking infrastructure.

We'll address country-specific issues in section III. But first, let's understand the following common electronic threats that can impact any business in any country.

Below you go.

(i) Malware: Malicious software like viruses and ransomware are designed to infiltrate systems, steal data, or disrupt operations.

(ii) Phishing: Fraudulent emails and websites mimic legitimate sources to trick individuals into revealing sensitive information.

(iii) Denial-of-Service (DoS) Attacks: Overwhelming a target's network with traffic, rendering websites and services inaccessible.

(iv) Identity-Based Attacks: Exploiting weak passwords or stolen credentials to gain unauthorized access to systems and accounts.

(v) Supply Chain Attacks: Targeting third-party vendors to compromise larger businesses

(vi) Insider Threats: Malicious or unintentional actions by employees or contractors with privileged access

(vii) IoT-Based Attacks: Exploiting vulnerabilities in internet-connected devices like sensors and cameras.

III. Factors Contributing to Challenges

In 2016, a Kenyan firm published the first and only "Tanzania Cyber Security Report." Despite being a few years old, it provides valuable insights for business leaders and information technology (IT) professionals.

The firm analyzed 138,000 network security events. And over 1.6 million public IP addresses (these are the “plate numbers” of devices connected to the internet ‘road’.)

Can we use their report to guide our thinking and shape your IT strategy? I hope you replied, yes:) So let's get going.

Since 2020, the International Telecommunication Union (ITU) has ranked Tanzania as the second safest African country in terms of cyber security.

We'll need to dig deeper to understand the answer.

Several factors make Tanzanian businesses particularly vulnerable to cyber attacks. But I’ll focus on the top three threats, the ones the data says we need to watch out for.

A threat is something (i.e., internal staff greed) that could cause trouble, while an attack is when someone actually tries to cause that trouble. So in this section, we are looking at the causes of the actual act of exploiting an information security system's weaknesses.

I promise it won't be boring.

1. Underinvestment

In 2016, Tanzania’s economy lost more than USD 85 million due to cybercrime. That amount (TZS 219 billion) is close to the 2023/2024 government budget for livestock and fisheries (TZS 295.9 billion).

The situation doesn't seem to be getting better. In 2023, banks alone lost $4 million just from the cases we know about.

Why is this happening?

98% of Tanzanian organizations spend less than USD 5,000 annually—or nothing at all—on cyber security measures. This underinvestment leaves businesses dangerously exposed, hindering their ability to anticipate, detect, respond to, and contain cyber attacks.

2. Skills Gap

Based on a quick Google search I did earlier this week, Tanzania has about five higher learning institutions (HLI) that offer degrees in cyber security. The field is relatively new field in a country with 35.8 million internet users as of December 2023.

This year, the University of Dodoma (UDOM), which is Tanzania's largest HLI by enrollment, will graduate just 39 students in cyber security, following their inaugural class of 8 graduates last year.

Most enterprises fail to build effective in-house defenses due to the scarcity of network security professionals in Tanzania.

On top of that, inadequate cyber awareness among technology users—from employees to customers—exposes businesses to social engineering attacks such as phishing.

3. Evolving Threats

As businesses automate and migrate online, attacks are rising in both frequency and sophistication.

But unfortunately, many businesses only invest in cyber security products after they suffer an attack.

On December 29, 2023, “watu wasiojulikana” hijacked Hama2Bebe’s website. This moving and house rentals platform had to rely on mobile apps and informal channels like WhatsApp to stay in business.

Luckily, the Dar-based property tech startup was able to recover its site within a few weeks. Hama2bebe also upgraded the security of its internet assets—including social media accounts—to prevent future attacks.

That scenario shows how vulnerable even emerging companies can be, resulting in lost revenue and damaged customer trust.

In fact, even the Government Cyber security Strategy for 2022 to 2027 might not be fully up-to-date with the latest threats. Vandalism may also target the National ICT Backbone (NICTBB) infrastructure, which supports your business internet and phone services through operators like Vodacom and Airtel.

4. Cloud Computing

The shift to cloud solutions and third-party services can reduce visibility and control of data security, especially for Tanzanian companies that lack comprehensive service agreements with cloud service provider.

And since some systems are out-of-date, default passwords and unaddressed vulnerabilities are common in the country. Thus making it easy for attackers to breach your network, databases, or payment infrastructure.

In addition, the lack of strong security measures in e-commerce and mobile banking applications often leads to fraud. This results in financial losses for either businesses or consumers, depending on who initiates a targeted transaction.

I hope, online fraud protection (FP) platforms like Michael Nyamwero’s Amini Inc, evolve to help Tanzanian businesses safeguard their cloud-based operations and reduce the risk of cyber attacks during routine tasks.

So, while we are at it, let me suggest an existing 360° solution.

IV. Outsource Cybersecurity

Staff training and customer education are essential cybersecurity components. However, businesses need to complement those efforts with technical defenses that match the complexity of modern attacks.

“The punishment must fit the crime…You must trade an eye for an eye, a tooth for a tooth, a hand for a hand, a foot for a foot, a burn for a burn, a bruise for a bruise, a cut for a cut.

Even trusted employees with admin access to your IT systems (eg., network architects) should be met with strong security measures if they attempt fraudulent activity. Similarly, unethical hackers should find it extremely difficult to penetrate your defenses. Just like a mosquito’s attempt to reach a baby protected by a mosquito net.

This is where Flashnet becomes your business net. Its CEO, Vinayan “Ben” Benedict, has led the service provider to partner with some of the top cybersecurity names in the world: Acronis, Bitdefender, Fortinet, and Sophos.

So, let’s look at what these guys bring to the table. I’ll keep using analogies:-)

• Acronis: Your data's safety deposit box. They provide secure backup and recovery so your business never loses critical information.
• Bitdefender: The silent guardians. They detect and neutralize hidden threats, operating like stealthy cyber ninjas.
• Fortinet: A high-tech security wall for your entire network. They use super smart tools to block malware, hackers, and unauthorized access.
• Sophos: Goes beyond simply protecting your computers and devices. They help control who can access what data. Think of it like a gatekeeper or the "no entry" sign for sensitive information.

V. Conclusion

Can you afford not to invest in cyber security?

If your business relies on the internet or computing devices, the answer is no.

Would mangi ever leave his shop unlocked in a busy market like Kariakoo? Of course not!

Yet, not investing in cybersecurity is just like that. (The internet is more crowded than Kariakoo and has more ISP addresses than stores in your business district.).

Sooner or later, someone's going to try their luck and take advantage.

You can secure your company without hiring additional IT staff. In fact, security is possible even if you do not have any technical personnel.

Simply outsource your cyber needs to Flashnet, Tanzania's first and only ISO-certified managed services provider (MSP).

Please contact them today at +255-777-988-883 or [email protected]!