AI Attacks Vs Africa’s Critical Infrastructure: We Are Not Ready

Twenty-five years of cybersecurity experience and firsthand observations from his inaugural trip to Ghana in 2023 painted a sobering picture for Matthew Martin: a continent underprepared for the looming threat of AI exploits. He would have none of it, and Two Candlesticks, inspired by Les Misérables, was born. As CEO and Founder, he could do plenty, especially since the integration of AI into cyberattacks was no longer a future possibility; it was already underway. “When I think about the future of cybersecurity and what these attacks look like, the first thing you think about is AI.”
It isn’t mere hyperbole either; it’s a reality springing from the simplest of origins – language. “In the past, we could train employees to look for poor language as a telltale sign of malicious emails. Now, with generative AI, the English is perfect—there’s no giveaway.” The shift demands that cybersecurity defences evolve in tandem, moving away from rule-based systems that attackers can quickly bypass.
“It’s important for us to be talking about it. How are countries throughout the continent, as well as the individual private companies prepared for it? How do they try to stay protected?” He throws in a business element that could gravely impact the two – budget. “There are so many cybersecurity vendors charging a large amount of money for solutions to take advantage of this sort of hype cycle. In Africa, the budgets aren’t as big as the US or the UK or Europe. How do these companies in these countries prepare themselves and defend themselves on lower budgets? When you’re talking about AI, a lot of it can be protected by just doing fundamental things that aren’t very expensive.”
It doesn’t help that the continent’s cybersecurity challenges are so multivariate and multifaceted. “The money is in critical infrastructure with potential disruptions to essential services, financial systems and government operations. Here, attackers get the biggest bang for their buck. If you’re targeting the large infrastructure projects, for example, they come with significant foreign investment. But because they’re inside Africa, the modern security controls aren’t the same as you would find in the West, yet the reward is significant, making the continent an easier target for them.”
Despite significant foreign investment in infrastructure, businesses across the continent operate with outdated software, limited monitoring capabilities, and insufficient backup and recovery procedures. Much of the vulnerability stems from basic gaps in cybersecurity hygiene. “It comes down to fundamental things—training, awareness, and getting people ready.” For many organisations, the simple act of performing a comprehensive risk assessment or maintaining up-to-date asset management can be the difference between thwarting an attack and suffering debilitating losses.
Beyond the technology, there is an inevitable glaring skills gap. “Africa needs to enhance its security education,” Martin laments. Few universities offer dedicated cybersecurity programmes, leaving local companies often struggling to build and retain in-house talent, sometimes resorting to expensive outsourcing from the West.
Then again, the threat could be in-house. “I’ve seen a lack of comprehensive incident response plans. What happens when you suffer ransomware? Does all leadership know what to do, who to contact, and what authorities to notify? It all ties in together. In addition, do your actual employees know what to do if they see something come in that’s not quite right, should they get a fake email or a call from somebody claiming to be the CEO? Do they know how to identify it? Do they know who to report it to? We’ve built the practice around these things.” That way, when something real happens, your people actually know what to do. They have taken the time to think it through while it was safe to do so, there is a plan in place, and everyone simply follows it.
Why Crafting A Ransomware-Ready Plan Is King
To counter these mounting threats, organisations must shift their focus to building robust, albeit affordable, defences. Here is how:
- Risk assessment and asset management: Start with a risk assessment. Knowing the assets you have, understanding data flows, and mapping critical infrastructure are essential first steps. Without this clarity, vulnerabilities remain hidden, and response plans falter when an attack occurs.
- Implement robust backups: An effective backup solution, including offline copies, is critical. Testing backups to ensure they are current and understanding recovery time objectives can dramatically reduce the damage of a ransomware attack.
- Endpoint detection and incident response: Deploying endpoint detection and response agents can help identify anomalies. Coupled with clearly documented and regularly rehearsed incident response procedures, such as tabletop exercises, organisations can ensure that every leadership team member knows how to act when a breach occurs.
- Employee training and awareness: Regular, comprehensive security training is non-negotiable. Employees must be equipped to recognise threats like deepfake impersonations and fraudulent requests. He cites an innovative approach. “If you call the CEO on his cell phone, he’s going to be like, that wasn’t me. Simply tell the person on the other end of the line that you will call them back. Simple callback procedures can disrupt attackers who try to bypass human verification through AI.”
- Threat intelligence sharing: Building a community of shared intelligence among private companies, industry peers, and government agencies can bolster defences continent-wide. Collaborative frameworks help organisations stay ahead of new attack vectors by learning from each other’s experiences.
Defending With AI
While AI is a formidable tool in the hands of cybercriminals, it can also serve as a critical ally for defenders. Many security tools are beginning to incorporate AI to improve response times and automate routine processes. For instance, AI-powered chatbots can gather incident details via familiar communication platforms like Slack or Teams—saving security teams valuable time. According to Martin, these gains are crucial: they allow security professionals to spend less time on initial data collection and more on proactive defence and threat analysis.
However, he cautions against overreliance on proprietary AI solutions unless an organisation has the expertise to manage them. “Using AI defensively is mostly around augmenting efficiency—it’s not a magic bullet for security. The key is to integrate AI into existing processes thoughtfully, ensuring it complements rather than replaces foundational security measures.”
The future holds more sophisticated AI-driven attacks that go beyond ransomware and emails. “We’ll probably see more deepfakes. They’ll get better. But we’re also going to see attacks where they’ll be able to look for vulnerabilities in your network or your website and then actually write exploits on the fly. It’s going to be way faster, way more efficient, and we have to be able to think through what that means and how to design controls around it.” More targeting of cloud infrastructure is anticipated, as is a greater focus on supply chain vulnerabilities: instead of attacking the main target, attackers focus on its vendors and get in that way.
Finally, “We are starting to see this around the world now – extortion tactics. If you’re a business, and have a requirement to report a data breach within 72 hours, some bad guys will get into your network and they reach out and demand X millions of dollars else they’ll report you to your regulatory body, tell them you’ve been hacked for a week and you haven’t reported it. So now you’re going to get in trouble for not notifying regulators about the data breach, which puts you out of compliance.”
Martin’s job, along with his team, is to think through all this. It goes beyond passion. It is a mission.
This article was first published in the March 2025 edition of CIO Africa Magazine.