(Ecofin Agency) - At a time when protecting sensitive data and enhancing cybersecurity are seen as a challenge shared by African countries, experts are increasingly advocating for public and private actors to pool efforts to sanitize the cyberspace. 

On the sidelines of the Cyber Africa Forum (April 24 -25, 2023) in Abidjan, Youssef Mazouz, Secretary General of the African Cybersecurity Center, agreed to be interviewed by Ecofin Agency and We Are Tech on the vision of his center and its solution to common cybersecurity challenges in Africa. 

We Are Tech: Hello Dr. Mazouz, as the Secretary General of the African Cybersecurity Center, what do you think is the current need for cybersecurity professionals in Africa?

Youssef Mazouz: Hello, I am Dr. Youssef Mazouz, as you mentioned. I work a lot in cybersecurity through an NGO that brings together cybersecurity professionals, security and information system managers. Africa has been undergoing a digital transformation in recent years and there is an obligation to support this digital transformation by controlling risks and cybersecurity. The threats are there and African organizations are now taking the protection of their data and their IT infrastructure seriously. So, cybersecurity is becoming a critical field that should follow the development and changes in the digital world.

The CAF, which brings us together around this theme, focuses on this crucial subject. Unfortunately, most of the top managers of African organizations are not yet aware of the importance of cybersecurity. For them, it is a cost item, so events like this are essential to show that cybersecurity is an area that must be taken seriously because if we do not take into consideration the protection of data, we can face huge losses. We have examples of companies that have lost millions while others have had their businesses shut down for some time due to a cyber attack.

WAT: Do you feel that the continent currently has the human capital to protect its institutions against cyber attacks?

YM: You mentioned a key element, which is the human element. Truly, there are some technology components. There are many data and infrastructure protection as well as cybersecurity solutions. However, if there is no human talent to make the solutions work or back them up, the technologies won’t offer optimal protection.   It is, therefore, necessary to support Africa by setting up continuous training, building skills, and opening cybersecurity research centers and universities.  Moreover, we have an agreement with a university in Morocco to start cybersecurity research and build skills capable of following this evolution in the field of data protection and infrastructure protection.

WAT: What do you think are the main challenges to skill-building in African countries? 

YM: The first challenge is how to keep our talents. Africa has skills but the problem is the exodus. They leave because there is a strong demand for digital skills elsewhere.  We see engineers emigrating to Canada or Europe to work there. So we must keep a space capable of absorbing our talents in Africa.  We must set favorable conditions for them to work and provide incentives to stay on their continent and in their country. I know that most of these skills want to stay in their countries, but they find out that they are not offered optimal working conditions. That is why they leave. We thus need to retain them. 

WAT: So, you are suggesting public investment in the sector should be improved? 

YM: Of course. Governments need to invest in research and training. They need to realize that information systems are value-creation tools, not cost items as they think.  They can create value with a safe and efficient digital transformation.

WAT: What are your recommendations for the improvement of the supply of skilled professionals on the continent? 

YM: I think the first thing is to have a synergy between countries by pooling skills and exchanging expertise. There are experts everywhere on the continent, so we must capitalize on them. This is why we have created the African Center for Cybersecurity, which brings together cybersecurity professionals. The center’s first goal is to build synergy between cybersecurity professionals in Africa. Last year, we launched an initiative to create an African cybersecurity alliance that brings together professionals from 12 countries for now. The information systems security manager (ISSM) or cybersecurity engineer cannot live in isolation, because new threats come up daily. There won’t be effective protection if cybersecurity professionals fail to share information on those threats. That's why we need to build this synergy and create an exchange network to develop expertise and develop threat information sharing.   

WAT: How does the African Cybersecurity Center work with governments and businesses to strengthen the security of information systems in Africa?

YM: The center is an NGO and as such it has a lot of leeway as a civil society organization because it does not report to states. That is why we have insisted on this civil society model to have a wider scope of work. We work in collaboration with States and governments by organizing seminars, awareness days, etc... We also work with the private sector through exchanges and training with their CISOs. To share expertise with cybersecurity professionals, we also organize thematic days.  

WAT: What steps should African governments take to strengthen cybersecurity regulations and protect citizens against cyber attacks?

YM: The first thing is to work under the umbrella of the African Union (AU). We know that the AU established a Cybersecurity convention in 2014 in Malabo, but as of 2022, only 13 out of 55 countries had ratified that convention. This shows that countries have not yet reached the maturity to create this cybersecurity momentum on the continent.

In Europe, they have the GDPR (General Data Protection Regulation, ed.), which is a law imposed not only on European countries but also on African countries and other continents. So if you want to work with Europe, you have to respect the measures mentioned in the GDPR. Why can't we create a regulatory framework under the aegis of the AU which would be an equivalent of the RGPD to keep and ensure the digital sovereignty of the African continent, that is to say, to protect the African data, of Africa and for Africa. So when we work with providers from Europe, they will have to comply with this legislation.

WAT: Have there been any recent developments in cyber security in Africa?

YM: Africa is undergoing fast digital transformation but, cybersecurity measures are slow to follow. This is due, on the one hand, to the difficulty of establishing a cybersecurity culture, because as I mentioned, decision-makers are not yet really aware of cybersecurity. So, to accelerate this cybersecurity process, we first need to work on raising awareness, involving the media, and talking about cybersecurity as a very important area. We also need to start investing money in the sector, through the creation of data centers for Africa and why not exchange with African countries to create a data center for Africa to protect sensitive African data without having to host them with a foreign provider over which we have no control. So we must invest in African infrastructure for Africa.

We must also back this process with quality training and ensure optimal working conditions for cybersecurity staff.  Finally, we must establish the laws and regulations necessary to accompany these developments.   

WAT: How is the African Cybersecurity Center adapting to the evolutions in the African cybersecurity sector? 

YM: Of course, we have African experts that we are proud of. We do not rely on foreign experts. And these experts work on support, and the implementation of awareness guides distributed to companies and members. We also create vulnerability bulletins by discussing with our local members who are CISOs.  This means that if a threat or a risk is detected by one of our members or collaborators, we integrate it into a monthly vulnerability bulletin that we distribute. So there are several practices that we implement in the center to try to create a movement or a synergy in the field.

Interview by Moutiou Adjibi Nourou and Muriel Edjo