AI IN AFRICA:
CYBERSECURITY PERSPECTIVE

Yuliya Shlychkova, Global Public Affairs Director, Kaspersky

Andrey Ochepovsky, Public Affairs Manager, Kaspersky

AI technologies are already having a significant impact on people around the globe, and this tendency will definitely increase in the foreseeable future. And Africa is no exception in this process with artificial intelligence ‘spreading’ throughout the continent.

According to the Policy Network on AI (a global multi-stakeholder effort hosted by the United Nations' Internet Governance Forum), “globally, Africa is still catching up to many parts of the world when it comes to designing AI strategies, governance frameworks, and AI regulation”^[1]. Still, the continent has been ever more engaged in these processes. In 2019, the African Union (AU) formed the Working Group on AI with the aim to elaborate a common African stance on artificial intelligence technologies. In 2023, the African Union Development Agency (AUDA-NEPAD) and the AU High-Level Panel on Emerging Technologies (APET) drafted the “African Union Artificial Intelligence (AU-AI) Continental Strategy for Africa”. A continentally adopted version is expected to be presented at the AU Summit of African Heads of State and Government in January 2024.

African countries’ growing interest in AI was also reflected during the Africa Internet Governance Forum (September 2023) as seen in one of its sessions within the Parliament Track. Entitled “Artificial Intelligence offers benefits: How parliamentarians can build responsible AI approaches in Africa”, the session provided an opportunity for members of African national parliaments to discuss multi-stakeholder cooperation in promoting AI on the continent with experts from the corporate sector (including Kaspersky) and international organizations.

Like most innovations, AI technologies present both vast opportunities and substantial risks. And cybersecurity is no exception, as artificial intelligence can be used by malicious actors in numerous ways – for example by allowing cyber attackers to employ more sophisticated and targeted approaches, crafting highly convincing phishing emails, or automating fraudulent activities in the financial sector.

In this context, one should not exclude the fact that AI could also be used by malicious actors targeting African users and organizations. This, in turn, would further deteriorate the cybersecurity situation on the continent – especially since, according to the INTERPOL’s African Cyberthreat Assessment Report released in March 2023 (co-authored by Kaspersky), African countries already face an increasing wide range of cyberthreats^[2]. These include, among others, phishing (Kaspersky detected over 15 million phishing objects in Africa by between January and July 2022); online scams and extortion; ransomware attacks; banking trojans and stealers, etc.^[3].

As AI can be used to make cyberthreats even more sizeable, a logical question arises: what should be done to counter and mitigate these risks more effectively?

From the administrative standpoint, countries and regional organizations should continue creating a regulatory framework that will establish the principles for the development and use of AI in Africa, incorporating the following:

1. Broad cooperation. It’s important to encourage a close and constant dialogue among African stakeholders (policymakers, corporate sector, academia, etc.) as well as between them and their colleagues from other regions. This process will enable the sharing of expertise and, therefore, enrich their knowledge.
2. Harmonization. While a growing number of African countries have embarked on the path of developing frameworks for AI, the risks of the “balkanization” of the AI regulatory landscape are also increasing. This disparate creation of rules could result in significant obstacles for the development and use of artificial intelligence on the continent as a whole, limiting it to national boundaries only.
3. “Sensible” regulation. When creating the “rules of the game” for the use and development of AI, it’s crucially important that African nations avoid overregulation. Imposing norms that are too strict and principles that would create additional obstacles for AI innovators, discouraging them from working in the country. Eventually, this would lead to a widening gap in AI between Africa and leading countries in other parts of the world.

At the same time, simply creating a relevant regulatory framework isn’t enough to ensure the sustainable development of AI. It’s of paramount importance to introduce cyber hygiene best practices that will enhance cyber literacy among all IT users. In this regard, cybersecurity awareness should become an integral part of school and university education as well as in the workplace with training courses. And, taking into consideration the specificities of Africa, governments there should not be alone in bringing cyber hygiene into education. Other stakeholders – corporate sector, international organizations, academia, NGOs – need to be involved in developing and promoting educational programs that should become an intrinsic component of global social responsibility.

In conclusion, the widespread use of AI in Africa presents vast opportunities for sustainable growth, but it also entails substantial risks to numerous domains including cybersecurity. This, in turn, makes cooperation on cybersecurity between all interested parties – governments, corporate sector, academia, NGOs, etc. – increasingly important. For its part Kaspersky firmly supports every effort already undertaken in this direction and expresses its readiness to continue contributing to existing and future initiatives in this sphere to secure a cybersafe future for the African continent.

[1] Strengthening multi-stakeholder approach to global AI governance, protecting the environment and human rights in the era of generative AI. – IGF Policy Network on Artificial Intelligence, October 2023. Available at: https://intgovforum.org/en/content/pnai-report

[2] African Cyberthreat Assessment Report. – INTERPOL, March 2023. Available at: https://www.interpol.int/content/download/19174/file/2023_03%20CYBER_African%20Cyberthreat%20Assessment%20Report%202022_EN.pdf

[3] Ibid.