The appointment, announced on Tuesday in Dubai, will see ElOuazzani lead the company’s regional growth strategy, including revenue, partnerships and market expansion.

She will also oversee efforts to strengthen Censys’ presence with governments and enterprises across the region.

Sarah Ashburn, chief revenue officer at Censys, said:

“We are delighted to welcome Meriam ElOuazzani as Vice President for the Middle East, Turkey, and Africa. This deepens our investment in a region where Censys has established strong momentum and is strategically positioned for accelerated growth. 

“Meriam’s proven track record of scaling cybersecurity markets across META, combined with her deep regional insight, makes her the right leader to grow our market presence and meet rising demand for trusted internet intelligence.”

ElOuazzani has more than 20 years of experience in cybersecurity and enterprise technology. She previously served as Senior Regional Director at SentinelOne, where she built the company’s regional go-to-market operations.

Before that, she held several leadership roles at VMware across the Middle East and North Africa. She also led regional product sales for mobility in the Middle East at Cisco Systems.

In her new role, she will focus on building strategic partnerships. These include government bodies, enterprise customers, managed security service providers and hyperscale cloud partners.

She will work with Rajaee Al-Dalgamouni, appointed Regional Sales Director for META, and Ahmed Ehlayel, named Solutions Engineering, META.

ElOuazzani said:

“The META region is at an inflection point in cybersecurity maturity. Across the Middle East, Turkey, and Africa, governments and commercial organisations are moving beyond perimeter defence and demanding real-time threat detection and operational visibility into their digital footprint. 

“Over the past two decades in this region, I’ve witnessed firsthand how the right intelligence transforms the security operations entirely. 

“Censys’s internet intelligence platform equips security teams with authoritative, real-time insight into exposure and adversary activity, replacing assumptions with actionable confidence. My mission is to establish Censys as a trusted partner across META, enabling the shift from reactive defence to proactive intelligence.”

Censys provides internet intelligence tools that help organisations identify exposed assets, monitor changes and detect threats. The platform, which continuously maps internet-facing systems and infrastructure, is used by governments, large companies and security providers.

The company says it scans all 65,535 internet ports and supports more than 26 industrial protocols, including Modbus, DNP3, Siemens S7 and BACnet. It also provides historical data on internet-connected assets to help track long-term exposure.

Censys has partnered in the Middle East with Rilian Technologies to deliver its capabilities to sovereign and critical infrastructure organisations. With this appointment, the company is increasing its focus on the region and expanding its local leadership team.

The post Censys Appoints Meriam ElOuazzani as Vice President for Middle East, Turkey and Africa appeared first on Tech | Business | Economy.

The data places Nigeria at the centre of a continental problem. While Africa’s digital economy is expanding speedily, security readiness is struggling to keep pace. 

Across the continent, organisations recorded an average of 3,153 cyberattacks per week, compared with 1,963 globally, putting Africa among the most targeted regions in the world.

In Nigeria, the financial sector is the main target. Banks, payment platforms, and fintech firms continue to face heavy pressure from phishing, business email compromise, and credential theft. 

Telecoms, energy, and healthcare operators are also seeing growing exposure as cloud services, mobile platforms, and connected devices are rolled out faster than security controls can mature.

The unique part is not just volume, but method. Across Africa, 77% of organisations were affected by information disclosure incidents, meaning sensitive data was exposed through misconfigurations, weak access controls, or unsecured systems. 

Email is the most effective entry point, responsible for 80% of malicious file delivery, showing that basic weaknesses are still being exploited at scale.

Ransomware has also changed shape. The report shows that 41% of major incidents in Africa now involve data-leak extortion, where attackers steal information and threaten public exposure rather than relying solely on system encryption. 

This approach increases reputational damage and regulatory risk, even when core operations remain running.

In Nigeria, identity theft, stolen session tokens, and API abuse are now more common than traditional malware attacks. In simple terms, attackers are logging in using valid credentials instead of forcing their way through defences.

Beyond Nigeria, several African countries are facing high pressure when it comes to cyberattacks. Kenya recorded 3,758 attacks per organisation each week, while South Africa, Morocco, and other markets continue to see heavy targeting of government services, education systems, and telecom infrastructure.

The operational cost of these attacks is rising. African organisations take an average of 18 days to detect and contain a breach, six days longer than the global average. The report links this delay to skills shortages, fragmented tools, and limited incident response capacity across many sectors.

High-profile incidents in 2025 underline the risk. Data exposure at Seychelles Commercial Bank, service disruption at South African Airways, and unauthorised access to customer data at MTN South Africa all followed a similar pattern: customer-facing systems were targeted, investigations were triggered, and trust became the real casualty.

Regulation is now increasing the pressure. With Europe enforcing stricter cybersecurity regulations under the NIS2 directive, African companies that trade with EU partners are expected to prove strong cyber controls as a condition for market access. Security, the report notes, has become a commercial requirement, not a back-office concern.

From Nigeria to the rest of the continent, Africa’s digital growth is speeding up, but attackers are moving just as fast. 

Cybersecurity in Africa has gone beyond preparing for future risks. The threat is already here, and for countries like Nigeria, the cost of inaction is becoming impossible to ignore.

The post Nigeria Records 4,200 Weekly Cyberattacks Per Organisation as Africa Faces One of the World’s Highest Threat Levels appeared first on Tech | Business | Economy.

From ransomware and phishing to business email compromise, the threat landscape continues to evolve rapidly, posing serious risks to individuals, businesses, and governments alike.

In this exclusive interview with Techeconomy, Craig Jones, the immediate former director of Cybercrime at INTERPOL, shares deep insights into Africa’s cybersecurity challenges, lessons from global operations, and the progress being made in strengthening digital resilience across the continent.

Having led global cybercrime operations and coordinated capacity-building initiatives across Africa, Jones sheds light on the continent’s growing sophistication in fighting back, the collaboration gaps that remain, and what the world must learn from Africa’s experience. He is currently a director at CyPol.

TE: INTERPOL’s latest Africa Cyberthreat Assessment Report highlights over $3 billion in losses since 2019. Based on your experience leading global cybercrime operations, what do you consider the most significant enablers of the surge in cyberattacks across Africa? 

Craig Jones: I think the biggest enablers would be the technology and the criminal groups. We’ve seen a massive surge in criminal groups in Africa, where they’ve shifted from their old traditional model of sending out emails.

They’re becoming increasingly sophisticated in their skill set. They’re forming groups, forming businesses, and working transnationally. We’ve seen other citizens from other countries coming into Africa to work with those African groups as well.

TE: Nigeria is Africa’s largest digital economy and remains one of the hardest hit by cybercrime. What unique challenges make countries with big digital footprints vulnerable?

Craig Jones: I think you just said it, countries with a big digital footprint. Therefore, when you have an extensive digital footprint, you need to undertake considerable cybersecurity and protection measures within. In Nigeria, we’ve seen significant growth in the digital economy space.

Quite often, it’s just mobile phones. These systems are highly susceptible to cyberattacks from cybercriminals.

They launch and put malware on the phones. We see SIM swapping between people who share those phones. And that’s the backbone of the African region. It is about moving and transferring money.

TE: In your time at Interpol, did you notice any patterns of cyber criminal operations specifically targeting Nigeria’s financial systems and business sector?

Craig Jones: I don’t think it was uncommon for Nigeria’s financial businesses. It is not peculiar to Nigeria; it’s seen across South East Asia, Europe, Latin America, and South America.

However, as I mentioned earlier, the attack surface has expanded, resulting in an increased number of vulnerabilities. When you have more vulnerabilities, there are more opportunities for criminals to exploit. So, you then have to turn that around and look at your countries.

TE: How do you build out your digital capabilities? How do you ensure you have a competent workforce that can work in different departments to protect those businesses? The report warns of increasing threats like ransomware, phishing, and business email compromise. Which of these threats worries you the most in the African context?

Craig Jones: Look, crime worries me. Those are all types of crimes that are impacting businesses and communities. It’s the harm that it can cause in a healthcare setting, such as shutting down hospitals during a ransomware attack because they can’t access their systems, which can result in harm to people. You look at the impact when a business has to close down.

Quite often, people forget that the business will also serve other companies. Now, those businesses are all interconnected and reliant on each other; the impact is massive. We recently witnessed this in the United Kingdom with the shutdown of Jaguar-Rover.

TE: How are cyber criminal groups in Africa adapting their tactics compared to other regions you’ve worked in?

Craig Jones:  I think what we see in Africa now is that these groups are adapting and aligning with each other. Criminals in various countries are forming their own criminal networks.  And some of those criminals are actually travelling into Africa to commit their crimes as well.

TE: You previously coordinated cybercrime operations globally for Interpol. How well prepared are African law enforcement agencies to detect, investigate, and prosecute cybercrime?

Craig Jones: In 2019, I attended our working group meeting on cybercrime in Nairobi, and what struck me then was the enthusiasm, but the lack of investment. I went back to the UK and said, ‘Invest in Africa.’ In Rwanda, we had 40 heads of cybercrime, and 50 people were trained on how to prevent cybercrime. We gave them operational, actionable intelligence.

They went and disrupted the cybercriminals. That singular action we took has grown from 114 arrests to 1200 arrests in the most recent operations. We can see growth in terms of capabilities, and Nigeria is a leader in this space. I would like to commend Mr. Uche, who has been actively involved in efforts to tackle cybercrimes.

He started with a shipping container with three people. He now has a purpose-built three-storey building in Abuja.

TE: What role should capacity building and threat intelligence sharing play in improving Africa’s cyber resilience?

Craig Jones: I think they both go hand in hand in addressing the issue of cybercrime. We often discuss capacity building, which involves that type of training, but it’s also about having the technology to connect law enforcement. Interpol’s tools and channels are to be used between Interpol’s 196 member countries, and as I said earlier, that framework is really, really strong. The capability needs to be built out in collaboration with law enforcement and police officers on the ground, but they also require the tools to connect effectively. Once again, significant progress has been made in Africa over the last three to four years.

TE: How can organisations like the Shadow Server Foundation support governments and businesses in Africa to strengthen cybersecurity defences?

Craig Jones: Shadow Server Foundation are, fairly, unique in what they do. What they do is provide information directly to countries about their vulnerabilities, and they offer that information for free. However, Shadow Server is not free to run. So, it is funded, like many things, through donations, project funding, and similar means. However, they often collaborate with the National Cyber Security Centre, so by providing that information to them, the National CERT can help modify and reduce vulnerabilities in the systems and networks that Shadow Server has identified.

TE: The Global Cybersecurity Forum in Riyadh puts Africa’s cybersecurity in the spotlight. What would you like global leaders, businesses, and governments to take away from the discussion about the urgency of Africa’s cyber threat landscape?

Craig Jones: I think this urgency has been there for many years. We’re slowly addressing it, and this is a challenge we have in cybersecurity. It is an urgent matter. It is constantly evolving, and we see the impact it has on our communities. As part of this forum, we have the global thought leaders, but now they’re turning their ideas into tangible actions. It’s an investment.

The money needs to be invested in these countries to help them improve their cybersecurity. However, you also need to make it sustainable. So quite often, money is poured into countries, and then people disappear after two or three years. We need to build this.

We need to make it sustainable. We need to make it sustainable for many years to come. I think that’s a good place to start. I think so.

The post “Africa Must Invest, Not Just React, to Cyber Threats”, Former INTERPOL Cybercrime Chief, Craig Jones, Warns appeared first on Tech | Business | Economy.

The KnowBe4 Africa Human Risk Management Report 2025, which gathered responses from 124 senior cybersecurity leaders across 30 African countries, reveals a dangerous disconnect between perception and reality. 

Leaders often say their workforce understands cyber risks, scoring awareness at an average of four out of five, yet the systems needed to translate that awareness into effective action remain weak.

One of the starkest findings is around training. Although 68% of decision-makers insist security awareness training is tailored to job roles, the second most-cited challenge in the report is the lack of role-based alignment. 

In practice, many employees are still receiving generic, one-size-fits-all programmes, often delivered annually or biannually. Manufacturing and healthcare organisations were singled out, with 50% and 40% respectively admitting no role-specific tailoring at all.

Phishing simulations, widely recognised as a critical tool, are also underutilised. While 90% of organisations conduct them, only 7% do so monthly, and the largest share (40%) runs them just twice a year. 

The report warns that this “low frequency poses a critical challenge” because rare exposure makes it harder for employees to develop instinctive responses to real threats.

Technology adoption is another fault line. Between 41% and 80% of employees across the continent use personal devices for work, yet many of these devices lack proper security controls. 

This Bring Your Own Device (BYOD) trend, particularly high in North Africa where 61%–80% of workers use personal phones or laptops for office tasks, remains largely unmanaged. 

Compounding this is the rising risk of “shadow AI”. Nearly half of organisations (46%) admitted their AI governance policies are still “in development”, leaving staff free to use AI tools in potentially unsafe ways.

The report also reveals sharp regional contrasts. Southern Africa leads in training frequency, with 44% of organisations conducting sessions quarterly. East Africa is ahead in AI governance, with 50% of organisations already having formal policies in place. 

In contrast, West and Central Africa report the highest number of human-related security incidents, while North Africa combines the highest BYOD exposure with the lowest training frequency.

Anna Collard, SVP of content strategy & evangelist at KnowBe4 Africa, summed up the problem bluntly: “There’s a disconnect here – between what leaders think is happening, and what employees are actually experiencing. The data shows that without procedural and cultural follow-through, awareness simply doesn’t translate into readiness.”

For businesses, awareness alone is no longer enough, especially when it comes to the huge cybersecurity divide in Africa. The report calls for customised, role-based training, stronger incident reporting systems, clear AI governance, and region-specific strategies. Without these, Africa’s growing confidence in its cyber defences risks masking dangerous blind spots.

The post Africa’s Cybersecurity Divide: East Leads in AI, South Trains More, But Only 1 in 10 Leaders Trust Staff to Report Threats appeared first on Tech | Business | Economy.