The current organizational and business operating environment in Tanzania is evolving rapidly. Digital solutions are more accessible, making it easy to embrace opportunities for automation and digitalization. This move has afforded citizens an increased number of digital channels for transaction processing or service delivery. From e-Government services to e-commerce, our lives are becoming more digital with each passing day. This means what we value most as individuals or organizations is digital and intangible. Organizations are now placing a very high premium on data and information.
On the other hand, the value for data and digital assets has, stirred up the attention and focus of e-criminals, who continually seek innovative ways to capitalize on vulnerabilities inherent in technology platforms and the digital ecosystem to compromise IT systems, steal sensitive information or financial resources through digital means. This trend has heightened the cybersecurity risk landscape for many organizations in Tanzania and East Africa.
A recent study on the state of cybersecurity, conducted by PwC and detailed in the PwC 2025 Global Digital Trust Insights (DTI), reflects similar concerns. The study gathered insights from over 4,000 IT and Information Security professionals globally. Looking at the survey results for the East Africa region, 74% of East African respondents indicated that cyber risk is a top priority in their organizations.
The survey results reveal that third party breaches are considered the highest threat in East Africa (46%), followed by social engineering (39%), hack and leak operations (37%), business email compromise (31%) and cloud related threats (31%). These are the top five cyber threats organizations are most concerned about.
The East Africa context is slightly different from the global one where respondents indicated that the top five cyber threats were cloud related threats (42%), hack and leak operations (38%), third party breaches (35%), attacks on connected products (33%) and ransomware (27%).
It is important to explore the top five cyber threats in our local context based on perceived risks and response strategies. Firstly, organizations may decide to connect their technology platforms as a way of facilitating real-time data exchange and information sharing. In this case, the organization with the least effective cyber safeguards, presents the weakest link and if compromised, all other connected organizations may experience heightened risks of cyber breach. This is the concept of third-party breach. Many organizations have invested in strategic partnerships to leverage technology capabilities provided by third parties. It is however, prudent to carry out cyber due diligence to ascertain whether the third-party service provider has implemented robust safeguards against cybersecurity threats. Regulators and oversight authorities have made strides in establishing minimum cyber security guidelines and standards, but enforcing consistent compliance for some sectors continues to be a challenge.
Cyber breaches emanating from social engineering attacks and even business email compromises are primarily because of poor cyber hygiene and a lack of general cyber awareness. Good cyber governance processes and tools can be rendered ineffective if not complemented with a cyber-aware community within the organization. We have seen an increased focus on cyber awareness campaigns and training programs across all cadres of organizations to instil a cyber savvy culture.
Many private and public institutions in Tanzania have fallen victim to data breaches and leakage of sensitive information because of cyber-attacks. These incidents are sometimes not reported to minimize reputational damage or brand positioning. Cyber criminals will normally take advantage of poor cyber controls, use of outdated technology solutions and in many cases negligence on the part of those charged to safeguard the technology infrastructure. Attackers can gain unauthorized access to the IT systems and remain undetected for many months. They aim to steal credentials that will enable them to widen their unauthorized access to more sensitive information and data while covering their tracks. Organizations should implement robust cyber resilience programs to address this matter; unfortunately, this is one of the areas where many institutions scored poorly. The results of the DTI survey show that while 54% of regional firms prioritise critical processes in their cyber strategies, only 29% conduct tabletop exercises, highlighting resilience gaps. Periodic reviews of organizational-wide cyber resilience and capabilities are one of the recommended ways for organizations to develop and establish a cyber resilient culture.
Lastly, cloud related threats refer to arrangements where core IT application services or infrastructure support is provided by a third party, also known as managed services. Cloud services are beneficial to organizations if adopted after conducting a thorough due diligence. They are more affordable, efficient, scalable and grant access to specialised skills which may not be available within the organization. However, cloud service arrangements especially with global players provide very little flexibility for organizations to dictate favourable cyber provisions, leaving those who seek such services at the mercy of the service provider. Outsource technology services to a third party does not absolve an institution from the underlying cyber risk management responsibilities. It is recommended that one carries out a cloud services risk assessment to determine institutional processes that can be delivered through managed services.
There is a very positive outlook on cyber governance, which resonates with Tanzania's recent ranking as the Africa leader in cybersecurity governance according to the 2024 Global Cyber Security Index. East African respondents reported that cybersecurity regulations have challenged, improved, or strengthened their security posture in 92% of cases, compared to 78% globally. This underscores the region's strong commitment to improvement.
Navigating the cybersecurity minefield demands a deep understanding that the cyber risk landscape is a constantly evolving phenomenon. As we embrace digital innovations, cybersecurity safeguards should be a priority. This is a shared responsibility across the organization and its starts with enhanced cyber awareness geared to cultivate a cyber resilient culture.
Author
