As digital transformation accelerates across Africa, so too do concerns about the rising tide of cyber threats. Ecofin Agency recently spoke with Babel Balsomi, a cybersecurity expert, ethical hacker, and CEO of Hiero Digital, at the 5th Cyber Africa Forum. In this exclusive interview, Balsomi delves into the escalating risks from AI-powered cyberattacks, examines the foundational weaknesses in Africa's digital infrastructure, and highlights the continent's distinct strengths for building cyber resilience.Babel Balsomi, cybersecurity expert and CEO of Hiero Digital

Ecofin Agency (EA): Looking back at the last five years, how would you describe the evolution of cybercrime in Africa? And how is AI influencing that landscape? What are the primary AI-driven cyber threats currently impacting the continent?

Babel Balsomi: Cybercrime now accounts for over 30% of all reported crimes in West and East Africa, according to Interpol’s Africa Cyberthreat Assessment Report 2025. Ransomware attacks, business email compromises (BEC), and online scams are rising sharply, with a clear shift toward more targeted and sophisticated operations.

Cybercriminals in Africa are now using several artificial intelligence tools, repurposed for malicious use, to automate and refine their attacks. Generative language models such as WormGPT, FraudGPT, or DarkBERT can craft convincing phishing emails and deepfakes, making attacks harder to detect. These models, based on technologies similar to ChatGPT, are optimized to write persuasive emails, generate malicious code, or automate social engineering scripts. They produce grammatically flawless language often tailored to local contexts.

Deepfakes represent another rapidly growing threat. While previously highlighted mainly in politics or entertainment, deepfakes are now entering the realm of financial scams. Hackers rely on tools such as DeepFaceLab or FaceSwap to manipulate videos, or Respeecher, Descript Overdub, and ElevenLabs Voice AI to clone human voices with uncanny realism.

Deepfakes represent another rapidly growing threat. While previously highlighted mainly in politics or entertainment, deepfakes are now entering the realm of financial scams. Hackers rely on tools such as DeepFaceLab or FaceSwap to manipulate videos, or Respeecher, Descript Overdub, and ElevenLabs Voice AI to clone human voices with uncanny realism.

These tools allow for the creation of fake audio or video messages impersonating company executives or public officials. Emerging cases show fake video or audio calls used to order transfers, manipulate staff, or spread confusion. In Africa, where verification tools remain scarce, such attacks often go undetected.

Concrete cases have already been reported in South Africa and Nigeria, where doctored videos or audio calls were used to attempt extortion or gain access to sensitive data. These tools make attacks not only more credible but also faster to produce and harder to detect. This significantly complicates the work of defenders, especially in environments unprepared for such digital deception.

Moreover, AI is being used to create synthetic identities, facilitating large-scale fraud. For instance, ransomware attacks have disrupted port operations in South Africa, highlighting the vulnerability of critical infrastructure to cyber threats.

Today, Africa also faces AI-powered cyber threats closely aligned with local technological and social realities. The first and most widespread is automated phishing. Cybercriminals are generating massive scam campaigns via SMS, email, or WhatsApp that are highly targeted and extremely convincing. This is especially effective in Africa, where operators such as MTN, Moov, or Orange routinely use SMS to interact with customers, and WhatsApp accounts for more than 80% of messaging usage on the continent.

AI-powered bots represent a discreet but potent threat. They continuously scan poorly configured infrastructures, automate intrusion attempts, and identify vulnerabilities, particularly in enterprise and government networks that are often underprotected.

This creates an environment where the average user is constantly exposed to malicious messages that are hard to distinguish from official communications. Finally, AI-powered bots represent a discreet but potent threat. They continuously scan poorly configured infrastructures, automate intrusion attempts, and identify vulnerabilities, particularly in enterprise and government networks that are often underprotected.

EA: When it comes to AI-driven cyber threats in Africa, which sectors are most at risk, and what factors contribute to their vulnerability?

BB: Four key sectors in Africa — banking, healthcare, government, and energy — face growing vulnerabilities to increasingly sophisticated AI-powered cyberattacks. These risks are worsened by rapid digitalization, a lack of local expertise, outdated infrastructure, and easily exploitable digital practices.

Banking, healthcare, government, and energy face growing vulnerabilities to increasingly sophisticated AI-powered cyberattacks

In banking, AI is used to create targeted phishing campaigns that perfectly mimic communications from financial institutions or telecom operators. Audio and video deepfakes, along with the exploitation of SMS-based two factor authentication through methods such as SIM swapping, phishing, or malware, bypass protections without directly compromising banking systems. The central role of mobile operators and low user awareness increase the effectiveness of these attacks.

In healthcare, the digitalization of medical records and teleconsultation services has created new vulnerabilities. AI-driven ransomware targets hospital systems, while fake medical documents are generated to deceive patients or divert resources. The 2024 attack on South African laboratories is a clear example.

Governments engaged in digitizing services like civil status, taxation, and digital identity suffer from a gap between modernization and security. AI makes it possible to produce fake official documents, manipulate institutional communications through deepfakes, and automatically exploit technical vulnerabilities using bots. Digital billing systems are also being hijacked for fraudulent purposes.

Finally, the energy sector, now digitized with smart grids and remote management systems, is becoming a critical target. AI is being used to create industrial malware capable of disrupting electrical or oil networks, as seen in South Africa where attacks caused significant outages. These threats, still underestimated, require an urgent and coordinated cybersecurity response.

EA: Considering Africa's distinct socioeconomic and technological characteristics, how do these factors impact its vulnerability or resilience when facing these cyber threats?

BB: The African context is paradoxical. It combines structural weaknesses that facilitate attacks with specific strengths that could lead to homegrown cyber resilience. The issue needs to be approached from two angles: exposure and resilience.

First, several exposure factors make the continent particularly vulnerable to cyber threats. Infrastructures are often heterogeneous and poorly configured. There is also a marked shortage of cybersecurity skills. According to INTERPOL, about 90% of African countries lack qualified human and technical resources. This aligns with observations on the ground.

Existing information technology teams are not always prepared to handle complex attacks, and the culture of cyber monitoring remains marginal. Digital communication still largely relies on unsecured channels such as SMS or WhatsApp, especially in banking or administrative exchanges. These are ideal entry points for phishing or automated social engineering attacks.

Another critical issue is the reliance on essential but fragile infrastructure, such as unstable power grids, poorly protected banking systems, or outdated telecom equipment. Critical infrastructure is often aging or obsolete. Security updates are frequently not applied, default passwords remain active, and there is no network segmentation.

Finally, regulatory fragmentation remains a major obstacle. Legislation varies widely between countries, complicating cooperation and creating gray zones where cybercriminals operate with little risk.

Infrastructures are often heterogeneous and poorly configured. There is also a marked shortage of cybersecurity skills. According to INTERPOL, about 90% of African countries lack qualified human and technical resources.

In contrast to these vulnerabilities, Africa also has unique resilience levers. Its tech-savvy youth is a major asset. Africa is the youngest continent in the world, with a hyper-connected, agile, and curious generation that drives strong entrepreneurial momentum in local tech ecosystems. This opens the way for cybersecurity solutions designed for and by Africa.

Second, Africa can leapfrog by directly adopting cutting edge technologies such as cloud native solutions or defensive AI. It is not held back by deeply entrenched legacy systems. There is also growing awareness around digital sovereignty. The Malabo Convention, regional strategies such as ECOWAS's, and the establishment of national Computer Emergency Response Teams (CERTs) are all positive signals.

Finally, one must not underestimate the continent's inherent societal resilience. In a constrained environment, individuals and organizations know how to adapt, improvise, and innovate with limited resources. This pragmatic ability to make do can, over time, become a form of strategic advantage. Africa is exposed, but it can also increasingly become resilient, provided it organizes its strengths in a coordinated and sustainable way.

EA: What political initiatives or cross-border collaborations are currently in place across Africa to combat AI-driven cybercrime?

BB: Yes, several political initiatives and regional collaborations have emerged in Africa in recent years to address the rise in cyber threats, including those powered by artificial intelligence. However, their level of maturity remains uneven, and the explicit integration of AI into these frameworks is still in its early stages.

Operations like INTERPOL’s Serengeti have led to the arrest of over 1,000 suspects and the dismantling of more than 134,000 malicious infrastructures. Nevertheless, law enforcement’s ability to tackle these threats remains limited, with 90% of African countries reporting a significant need to strengthen their cybersecurity capabilities. The situation on the ground is concerning. Despite high-level rhetoric on Africa’s digitalization, the reality is often quite different.

Many information technology managers are still learning the basics of cybersecurity, while attackers have already mastered automation and offensive AI. This technological and human gap makes the continent particularly vulnerable.

The problem extends beyond technology. There is a glaring lack of qualified human resources. When technical teams do exist, they often lack practical training in cybersecurity and in managing AI-related risks. Many information technology managers are still learning the basics of cybersecurity, while attackers have already mastered automation and offensive AI.

Under these conditions, attacks often go undetected for weeks, even months, because neither the tools nor the skills are in place to identify them in time. This technological and human gap makes the continent particularly vulnerable. It must be urgently addressed to avoid a silent digital collapse.

EA: How can AI also become a tool to strengthen cybersecurity in Africa? 

BB: Artificial intelligence can play a pivotal role in securing Africa’s digital space. AI does not replace human experts. Instead, it amplifies them, which is especially important in Africa given limited resources. It can intervene at several key levels, beginning with advanced intrusion detection.

Traditional cybersecurity tools, which rely on signatures or static rules, are becoming less effective against modern attacks. These attacks are often adaptive and sometimes generated by malicious AI. AI can analyze network traffic and user behavior in real time to detect anomalies, even on outdated or poorly configured systems, which is common in Africa. It can also identify complex threats such as zero day attacks or lateral movements within internal networks that human analysts might overlook.

Second, AI enables proactive threat monitoring. In many African organizations, cyber threat intelligence is virtually nonexistent due to a lack of resources. AI can automate the monitoring of critical sources like the dark web or cybercriminal forums. It can detect data leaks or anticipate attack campaigns targeting strategic sectors. It can also track vulnerabilities specific to older technologies that remain widespread in Africa and are often poorly protected.

AI can automate the monitoring of critical sources like the dark web or cybercriminal forums. It can detect data leaks or anticipate attack campaigns targeting strategic sectors.

Third, AI can ease the pressure on human resources. Africa has a real shortage of cybersecurity experts. AI can automate incident analysis and triage, and generate actionable recommendations, even for mid level technical staff. This significantly expands what is possible, particularly for small and medium sized enterprises or public services that lack a security operations center or a significant budget.

There is also the cultural transformation dimension. Cybersecurity is still often seen as a technical, sometimes abstract topic, reserved for large companies. AI can generate targeted training content adapted to local realities, such as mobile money fraud, SMS phishing, or fake messages from operators. It can also produce understandable alerts for non technical profiles, such as public decision makers or small and medium sized enterprise leaders. This strengthens collective vigilance, which remains a weak link.

Finally, AI can adapt to local constraints. In Africa, connectivity is often unstable and hardware resources are limited. However, AI systems can be deployed locally through edge computing. This allows for autonomous monitoring, even in poorly connected areas, by embedding detection directly into the equipment.

In short, AI offers Africa a unique opportunity to scale cybersecurity efforts in a smart, gradual, and contextualized way. It allows the continent to close certain gaps while building sustainable and sovereign responses.

EA: How prepared are African businesses and governments to face these risks, and what are the best ways to improve cybersecurity training across the continent?

BB: African businesses and governments are generally not well prepared for cyber threats, especially those amplified by artificial intelligence. While the situation varies by country, sector, and organization size, some clear trends are emerging.

In strategic sectors like banking, telecommunications, and energy, large African companies have started implementing more advanced systems. These include Security Operations Centers (SOCs), intrusion detection systems, and staff awareness campaigns. However, these efforts are often centralized at urban headquarters, with little coordination in regional or rural branches. Conversely, small and medium-sized enterprises (SMEs), which make up most of Africa’s economic activity, remain largely unaware of cybersecurity challenges. Many lack the resources and culture needed to protect themselves from threats like ransomware, phishing attacks, or identity theft. These often go undetected and uninvestigated.

Initial cybersecurity training is very limited or even absent in many university or technical programs. Continuing education is rare, expensive, and often ill-suited to local realities.

Within public administrations, the rise of online services, such as e-government, e-tax, and digital registries, has transformed operations. However, many agencies still rely on outdated, often poorly configured, infrastructure and lack clear protocols for information technology security. Cybersecurity is still too often treated as a secondary issue. This structural vulnerability is compounded by a severe training gap.

Initial cybersecurity training is very limited or even absent in many university or technical programs. Continuing education is rare, expensive, and often ill-suited to local realities. Awareness among decision-makers and end users is also highly inadequate, even though human error remains one of the main causes of security incidents.

To reverse this trend, several actions are necessary. Cybersecurity must be systematically integrated into engineering, management, and university curricula. Specialized training centers that are locally accessible with contextualized programs should be developed. Large-scale awareness campaigns tailored to local languages, usage patterns, and cultural specificities are also needed. Public and private leaders need training in the strategic issues tied to cybersecurity. Finally, practical and immersive formats — such as simulation exercises, experimental labs, or Capture The Flag-style competitions — should be promoted. These allow participants to develop technical skills in real-world conditions.

EA: Looking ahead five years, how do you see cybercrime in Africa evolving with the rapid advancements in AI? Do you foresee a rise in more sophisticated attacks?

BB: Cybercrime in Africa is undergoing a major transformation. Over the next five years, we anticipate a significant increase in sophisticated attacks. These attacks, amplified by artificial intelligence (AI), will exploit vulnerabilities specific to the African context.

Researchers have demonstrated the feasibility of "GhostTouch" attacks, which allow remote control of touchscreen devices without physical contact using electromagnetic interference. This technique can perform malicious actions on smartphones resting on surfaces, such as answering calls, opening apps, or clicking malicious links, all without the user's knowledge.

As more African businesses adopt AI-assisted development tools, often without cybersecurity expertise, the risk of introducing vulnerabilities into critical systems is rising.

This threat is particularly alarming in Africa, where smartphones are widely used for sensitive services like mobile money and e-government. Recent attacks have exploited AI-based coding assistants like GitHub Copilot by injecting hidden malicious instructions into configuration files. These "backdoors" allow attackers to generate compromised code that bypasses traditional code reviews, enabling software supply chain attacks. As more African businesses adopt AI-assisted development tools, often without cybersecurity expertise, the risk of introducing vulnerabilities into critical systems is rising. AI enables cybercriminals to carry out more targeted, effective, destructive, and harder to counter attacks.

Reports indicate that cybercriminal groups are using African countries as testing grounds for new attacks. They take advantage of weak cybersecurity infrastructure to refine their techniques before deploying them in more developed countries.

Given these growing threats, African countries must strengthen local cybersecurity capabilities by training experts and raising user awareness. They also need to implement incident detection and response infrastructure suited to local realities, and promote regional cooperation to share threat intelligence and coordinate responses.

EA: What do you see as the top three urgent priorities for African countries to better prepare for the era of automated cybercrime?

BB: The most urgent priorities involve systematically strengthening human and technical capacities, adapting and harmonizing the legislative and regulatory framework, and developing digital sovereignty and regional cooperation mechanisms.

Interview by Muriel Edjo and Adoni Conrad Quenum,

Translated into English by Mouka Mezonlin