Nigeria's new data law; Anonymous Sudan, again

CybAfriqué is a weekly newsletter covering news and analysis on cyber, data, and information security on the African continent.

Nigeria’s New Data Protection Law

On June 14, Nigeria’s new President, Bola Ahmed Tinubu signed a new data protection bill into law. The bill, which was first developed by the Nigeria Data Protection Bureau in October 2022, provides a legal framework for the protection of data in the country. Until now, data protection was covered rudimentarily across a bunch of related regulations, mainly the 2015 Cybercrimes (Prohibition, Prevention, etc.) Act, the 2007 National Identity Management Commission Act, the 2019 Nigeria Data Protection Regulation, and the 2021 National Cybersecurity Policy and Strategy. 

Both the 2019 NDPR and the 2021 National Cybersecurity Policy and Strategy provides a pretty extensive regulations on data protection in the country, but the regulations have barely been followed. Numerous breaches and data violations have occurred with little to no repercussions. One of the improvements of the new bill apart from providing a central policy and framework for data protection is that it covers specific things such as how data is processed and regulations on who can store or process data – which seems like a prelude to taxing and licensing. 

The most important feature, in my opinion, is that it makes provision for a commissioner and governing circle with the authority to enforce the policy. This makes enforcement much more easier, and hopefully, might lead to better data standard because as I’ve covered before, the bar is in hell at the moment, 

Anonymous Sudan Successfully DDOS’ed Microsoft

Anonymous Sudan  – the Sudan-claiming Russian-seeming hacktivist group – caused an outage of Microsoft cloud and email services. On Friday, Microsoft admitted that the outage had been due to targeted DDoS attacks which began in early June from an entity identified as Storm-1359. Microsoft did not explicitly identify Storm-1359 as Anonymous Sudan, but Anonymous Sudan has since claimed responsibility  for the attack and has been gloating over it since before then. 

Microsoft said the attack targeted layer 7 instead of the usual layer 3 and 4. The attackers used an extensive network of bots and virtual servers to bombard Microsoft with millions of https requests, bypass cache protocol, and carry out a slowloris attack by responding slowly or not responding at all to request response.

Thank you for reading CybAfriqué Newsletter. This post is public so feel free to share it.

Big picture stuff

• SMEs in Africa face several cybersecurity challenges. They often have limited resources to invest in advanced security solutions and are often run by people who lack cybersecurity awareness and knowledge. This piece argues for the importance of providing accessible protection for small and medium sized enterprises in Africa. 

• Governments, especially in the Global South, are getting increasingly bolder with internet restrictions. In In 2021, there were 50 internet restrictions across 21 countries. But amidst growing digitization, these restrictions take a heavy toll on the economies and finances of ordinary people. This article by Omoleye at Technext analyzed the economic price of internet shutdowns and restrictions. 

• South Africa’s biggest cybersecurity threat, as argued by this piece, might be the human factor and not subpar infrastructure.

• We’ve talked about Nigeria’s new data protection law, but here’s why it may not benefit its digital economy. 

• Also, check out the EU Cyber Diplomacy Initiative’s publication on “priorities and perspectives on African confidence-building measures in cyberspace.” 

Headlines

The 2023 General Assembly of the African Cybersecurity Circle is happening in Dakar, tomorrow. – Africa Cybersecurity Magazine 

Tanzania’s Institute of Accountancy Arusha (IAA) is partnering with the police force to provide professional cybersecurity and anti-cybercrime trainings. – Dailynews Tanzania 

Nigerian fintech Glade lost $214,000 to an internal hack. - TechCabal

Benin’s CRIET arrests nine cybercriminals, and four major scammers. – Le Matinal

Nigeria is working on a practice code for ChatGPT and other generative AI models - Regtech Africa 

In Kenya, Meta is appealing the court’s ruling on its moderators. - TechCabal

Nigeria’s Globus Bank was hacked through a USSD glitch. - Business Post

The Development Bank of South Africa suffers a ransomware attack by the Akira gang. - The Record

Angola is starting a cybersecurity academy. - Angola Press Agency

Across the world

Hackers are threatening to leak data stolen from Reddit. – Techcrunch

How Huawei got caught spying. – Bloomberg 

Post note

Remember to share. See you next Tuesday!