
























The November issue of CxOTrail Insights magazine explores the dualities of the accelerating digital world, the immense power of new technology, and the critical human and systemic risks that accompany it. As 2025 draws to a close, it is clear that simply reacting to threats is no longer a viable strategy. This issue is dedicated to the architects of proactive defense and strategic resilience.
Our focus this month is on the human element, the greatest vulnerability, and the ultimate defense. We open with a sobering look at 'Reasons Why Cybercriminals Are Exploiting Your Kindness,' detailing how scams like Romance Fraud and Financial grooming scam bypass fear by strategically exploiting our positive emotions and inherent trust. This is complemented by an essential piece on Unmanaged BYOD, which highlights how the convenience of personal devices has created a critical, unmanaged weak link in the hybrid workplace. Addressing these issues requires a shift in human risk management, a need reinforced by the essential new WhatsApp Lockdown Mode, a feature designed to empower high-risk users with one-touch security against targeted attacks.

In an exclusive interview, Fiyinfolu Okedare outlines the roadmap for moving corporate security from reactive investigation to proactive, integrated fraud governance, emphasizing the need for executive ownership and leveraging advanced analytics to spot anomalies in real-time. This philosophy is echoed by Nickey Mannya, who details how CTOs in the highly regulated banking sector are securing distributed environments with a Zero Trust model and enforcing Shift Left compliance by embedding security into the earliest stages of development. Their proactive stance aligns perfectly with the strategic shift captured in the Tenable announcement. The company’s leadership in Gartner’s inaugural Magic Quadrant for Exposure Assessment Platforms confirms that the industry is rapidly transitioning from retrospective vulnerability management to preemptive exposure management. This proactive lens is vital, especially for the retail sector, which a new Sophos report reveals is suffering multi-million-dollar losses due to unknown security gaps and persistent ransomware threats.
We look at the role of infrastructure and innovation in shaping Africa's future. The continent’s digital ambition requires a robust backbone, a need that is being met by Equinix's $22 million data center investment in Lagos, designed to bridge the digital divide and accelerate cloud and AI connectivity. This drive for performance is supported by new hardware, as detailed in the Dell PowerEdge XE7740 unveiling—a server that democratizes high-performance AI and Large Language Model (LLM) acceleration for on-premises enterprise use.
Leading this technological vision is Wasiu Popoola, CEO of Tech Brokers, who shares his insightful vision for a seamlessly integrated financial Super Highway in Nigeria. He discusses how AI, far from challenging core tenets of Islamic finance, is in fact becoming the ultimate tool for compliance and trust, while also detailing his three-pronged strategy, Purpose, Pay, and Power, for cultivating world-class local talent. This issue serves as your playbook for the year ahead, a guide to anticipating risk, building scalable infrastructure, and strategically investing in the talent and technology that will define digital resilience.
Anabel Emekene, Editor
Disclaimer
This magazine’s content is provided for informational purposes within Africa’s technology landscape. Views are solely those of the contributors and not necessarily of CXO Trail Insight. The publication assumes no responsibility for any inaccuracies or resulting consequences.
Dell Unveils the PowerEdge XE7740 server with Intel® Gaudi® 3 PCIe accelerators for Powerful AI Acceleration.
Dell Becomes First-to-Market with Integrated Intel Gaudi 3 PCIe Accelerators, Delivering Record Price-to-Performance for On-Premises AI Workloads

In a significant move to democratize high-performance Artificial Intelligence, Dell has officially unveiled the PowerEdge XE7740 server, featuring the powerful new Intel Gaudi 3 PCIe accelerators. Dell is proud to be the first to market with an integrated server configuration leveraging this cutting-edge AI technology, giving enterprises a new blueprint for building secure, efficient, and future-ready digital ecosystems. The new 4U PowerEdge XE7740 is a powerhouse designed specifically for the demanding needs of modern AI development. It combines the robust performance and scalability of the PowerEdge XE-Series with the straightforward integration typical of the R-Series, creating a balanced platform for businesses across all sectors.
Whether you’re fine-tuning Large Language Models (LLMs) for a specific business process or running high-performance inferencing in real-time, the XE7740 is engineered to simplify deployment, optimize operations, and set a new standard for AI price-to-performance. This flexible infrastructure is ideal for data-intensive industries like financial services, healthcare, manufacturing, telecommunications, and retail.
The XE7740’s architecture is built for demanding AI tasks:
Accelerator Capacity: It can accommodate up to eight double-wide PCIe accelerators, providing massive parallel processing power.
Gaudi 3 Integration: Supporting up to eight individual Gaudi 3 accelerators, the server optionally offers two groups of 4-way bridged accelerators.
High-Speed Communication: The 4-way Gaudi 3 PCIe accelerator bridging ensures workflow scalability with a combined throughput of 1,200 GBps for accelerator-to-accelerator communication, utilizing 18x 200GbE interfaces with RoCE v2. This bridging is vital for handling the massive memory space and data flow of larger AI models.
Networking Flexibility: The server provides up to a 1:1 accelerator-to-Network Interface Card (NIC) ratio, ensuring data can be fed to the accelerators efficiently.
One of the XE7740's biggest advantages is its ability to integrate frictionlessly into existing corporate data centers.
The investment is the first phase of a $100M plan to bridge Africa’s digital divide, bringing world-class cloud and AI connectivity to Nigeria’s booming tech ecosystem by Q1 2026.
Equinix is significantly boosting its presence in Africa with plans to open a high-performance data center in Lagos, Nigeria, named LG3. This $22 million investment marks a major commitment, representing the first phase of an ambitious $100 million plan aimed at transforming Africa’s digital landscape over the next two years.
Scheduled to open in Q1 2026, LG3 is Equinix’s first newly constructed data center in West Africa. It is designed to provide the crucial infrastructure necessary for both local businesses to scale and international companies to enter the market.
A key feature of the new site is the incorporation of Equinix Fabric. This enables businesses to securely and privately connect their physical and virtual infrastructure to cloud service providers, partners, and other Equinix locations across their global network of over 270 data centers.
Wole Abu, Managing Director for West Africa at Equinix, highlighted the impact: “LG3 marks a significant milestone in Equinix’s long-term commitment to bridging Africa’s digital divide. This facility is accelerating access to technologies like cloud, AI, and the next wave of startups.”
Lagos is perfectly positioned for this expansion. As Nigeria is the second-largest economy in Sub-Saharan Africa, Lagos stands as the epicenter of its digital transformation, recognized as the only African city in the Global Top 100 Startup Ecosystems.
The investment underscores the accelerating digital transformation across Africa, driven by a young, tech-savvy population and increasing demand for secure data services.
Empowering Local Scale: The facility will provide robust and resilient platforms, allowing Nigerian companies like Cedarview to expand their digital footprint and deliver high-performance solutions.
Attracting Global Players: By providing carrier-neutral infrastructure and global connectivity through Equinix Fabric, LG3 makes Lagos an even more compelling destination for hyperscale cloud providers and multinational enterprises.
Strategic Hub: The site will harness Nigeria’s strategic position as a hub for global subsea cable connections, securely linking Africa with Europe, Asia, and beyond.
Since entering the African market in 2022, Equinix has rapidly expanded its footprint across key markets, including Nigeria, Ghana, Côte d’Ivoire, and South Africa, positioning itself as a central player in the continent’s digital future while maintaining a commitment to responsible, sustainable operations.

We often discuss cybercrime in terms of fear, urgency, and technical vulnerabilities. But what happens when the weakest link isn’t unpatched software, but our own best intentions, our kindness, empathy, and desire to help?
As Anna Collard, SVP of Content Strategy and CISO Advisor at KnowBe4 Africa, warns, cybercriminals are now “hacking kindness,” strategically targeting positive emotions to lower our psychological defenses. The effectiveness of emotional content, whether negative or positive, is rooted in how we process information.
Fear and Urgency trigger a “fight-or-flight” response, forcing quick decisions and suppressing critical thinking. This is the classic, urgent “Your account has been locked!” scam. Positive emotions, such as compassion or love, are far more insidious. Research shows the “warm glow” effect from helping others makes us less likely to question whether a request is legitimate. Instead of engaging our analytical brain, we rely on mental shortcuts, our inherent trust.
Criminals exploit this positive feedback loop. They create fake charities for children or disaster relief, using sophisticated tools like deepfake videos or AI-generated content to make their cause look utterly real. In communities where collective responsibility, such as the South African concept of ubuntu, is strong, criminals exploit these cultural values, framing their scams as community-building initiatives to maximize participation and reduce local suspicion. Beyond fake charity drives that mimic legitimate organizations like UNICEF and CANSA, the most destructive scams today involve building long-term trust:
Romance Fraud: Criminals spend months building emotional dependence, exploiting loneliness before making a financial request.
Financial Grooming Scam: These highly organized schemes involve building a “relationship” and then convincing the victim to invest in a fake, lucrative cryptocurrency or foreign exchange platform. The victim is ‘fattened up’ before being ‘slaughtered’ for all their assets.
In these cases, the victim forms a genuine emotional bond, making it nearly impossible for them to accept that they are being manipulated.
What Can We Do to Protect Ourselves?
Fighting kindness-based hacks requires not just new policies, but a new approach to human risk management, one rooted in empathy and verification.
For Individuals:
The 24-Hour Pause Rule: Before making any financial decision based on an emotional appeal, charity, investment, or helping a new friend, wait 24 to 48 hours. This allows your critical thinking to re-engage.
Verify: Always use independent online resources to verify charitable organizations. Never click a link in an email; navigate directly to the official charity website.
Discuss Decisions: Always talk about potential large donations or investments with trusted friends or family members.
Use Traceable Payments: Stick to secure, traceable methods. Never use gift cards, prepaid cards, or cryptocurrency transfers for unexpected requests.
Cybersecurity awareness is about defending our ability to genuinely help others. By being security-conscious, we protect ourselves and ensure that our resources reach legitimate causes, enabling more effective and sustainable generosity.


NICKEY MANNYA
Director of Cyber Security, Westcon-Comstor
Sub-Saharan Africa


Nickey Mannya, Director of Cyber Security & Next Generation Solutions - Southern Africa, provides the executive roadmap for balancing aggressive digital growth with rigorous regulatory compliance in the region's highly complex banking sector. Mannya argues that modern cybersecurity is not an IT cost, but a risk management principle essential for business continuity.
He unpacks how to tackle distributed environments by enforcing a Zero Trust model for identity and API security, and reveals the 'Shift Left' strategy for translating regulatory mandates into machine-readable compliance.
Q: With digital banking and mobile channels growing fast across Africa, financial institutions face increasing complexity in linking them with legacy systems. From a CTO perspective, how do you approach the challenge of maintaining consistent security across such a distributed environment?
A: I’d say this would require a strategic and centralised approach that focuses on governance and important aspects in financial services, identity between the banking and the client, API security to ensure all incoming and outgoing traffic is monitored, and automation ensuring all of these are done behind the scenes with as little human intervention as possible. Deploying a zero-trust approach for identity, where no device or human is inherently trusted and treated as new, and authentication on the API security side would manage this better.
Q: Southern African banks are highly regulated. How do you architect a security and innovation roadmap that ensures continuous compliance is achieved not as a bottleneck, but as a byproduct of modern, secure development and platform practices?
A: This would require a mindset change as well as a change in the ways of doing things. We must embed compliance into the earliest stages of the development and platform lifecycle, essentially enforcing the "Shift Left" principle for security and governance. Policy, translating all relevant Southern African regulatory requirements (e.g., POPIA, GDPR, SARB guidelines, banking standards) into machine-readable policies and configuration scripts. Another possibility could be to establish a formal, rapid SARB that reviews all major architectural designs.
Q: The continent faces a severe shortage of skilled cybersecurity professionals. What is your strategy for leveraging "Next Generation Solutions" (like AI/Automation) within your security operations to compensate for this human capital shortage and deliver resilience at scale?
A: The scarcity of skilled cybersecurity professionals across the continent necessitates innovation and a strategic pivot from relying solely on human expertise to embracing Next Generation Solutions (NGS)—specifically AI and Automation—to deliver scalable resilience. My strategy focuses on using these technologies to multiply the efficiency of our existing team and shift the operational burden from personnel to platforms. Another value add we do with our vendors and partners is the digital nomad approach, leveraging the skills of professionals across the world who could work from anywhere remotely. These professionals are available at a cost, but with governance and security structures in place, access to highly skilled professionals is at our fingertips.
Q: From an engineering standpoint, what is the single most effective AI-driven countermeasure you are prioritizing right now to protect the bank's core assets or customer transactions during this quarter?
A: Real-time anomaly detection where human response is too slow. This would help with countering the erosion of human trust and capital loss.
Q: We see the shift from security at the end of development to security integrated throughout (DevSecOps). For a bank building new APIs and microservices, what is the most critical automated security gate you implement to prevent high-risk vulnerabilities from ever reaching production?
A: Personally, as a tech exec tasked with digital transformation, the most critical automated security gate—the one that absolutely must be enforced to prevent high-risk vulnerabilities in new APIs and microservices—is Authenticated Static Application Security Testing (SAST) integrated directly into the Git workflow. Automated SAST (Shift Left Enforcement) ensures that the code itself is clean before it becomes a deployable artifact. Waiting until runtime or even integration is simply too late in a high-velocity microservices environment.

Q: Your role requires investing in long-term, disruptive tech (AI, PaaS) while delivering immediate results. When presenting to the board, how do you calculate and communicate the Risk-Adjusted Return on Investment (R-ROI) for a non-revenue-generating security platform investment?
A: My answer is simple: cybersecurity now forms part of risk management. It is no longer about whether we invest in cybersecurity or how much we invest, but rather, how much we are able to withstand losing should we not have enough cybersecurity measures in place. The practice of cybersecurity moves from a cost center now into a risk management principle that we can no longer afford to live without.
Q: As a distributor, your partners must implement complex solutions reliably across diverse clients. What is your technical framework for ensuring implementation consistency and operational cohesion among all your Southern African partners when rolling out a new, highly-integrated "Next Generation" security stack?
A: The technical framework for ensuring implementation consistency and operational cohesion among our Southern African partners when rolling out a highly-integrated "Next Generation" security stack is built around our existing expertise and focused on Standardization via Pre-Engineered Blueprints, Automation, and Certifiable Delivery. Leveraging the concept behind our Tech-Xpert methodology, we transition the expertise from an individual human to a codified, certified deliverable.
Q: The financial impact of cyber-fraud in South Africa is severe. When advising executive teams, what one core metric do you emphasize to quantify the systemic risk of a supply-chain or third-party breach on long-term business strategy?
A: Here is something to consider: The single most effective metric for executive teams to quantify the systemic risk of a supply-chain or third-party breach on long-term business strategy is the Contingent Economic Loss per Day of Outage (CELDO). This metric moves the conversation away from the abstract cost of remediation (forensic fees, immediate fines) toward the devastating strategic impact of sustained business interruption. It transforms an operational security failure into a quantifiable threat to P&L and market stability. The cost of the cyber-attack and fixing the loss, when quantified, gives a value that exec teams can measure if they have the stomach for it or not. This is what CISOs and CIOs, including CFO, get fired for.

The retail sector has long been a prime target for cybercriminals. Still, the latest data from the Sophos State of Ransomware in Retail 2025 report reveals that the threat landscape is worsening, driven by both technical flaws and an alarming lack of security visibility.
The headline figure is stark: 58% of retailers whose data was encrypted ultimately paid the ransom, the second-highest payment rate in five years. Even more concerning, the median ransom demand has doubled to $2 million since last year.
Why are retailers continuing to pay, even as costs spiral? The report points to critical failures in both operations and defense:
• Unknown Security Gaps (46% of Attacks): Nearly half of all ransomware attacks were traced back to a security gap the organization was unaware existed. This underscores a severe challenge in asset management and comprehensive visibility across the modern retail attack surface, which often includes complex remote access and internet-facing equipment.
• Limited In-House Expertise (45% of Compromises): A persistent lack of internal skills is the second most common operational driver, preventing retail teams from effectively detecting and neutralizing sophisticated threats like Akira, Cl0p, and Qilin.
As Chester Wisniewski, director, global field CISO, Sophos, warns, “Without this, retailers risk ongoing operational disruption and lasting reputational damage that could take years to repair.”
While the figures are sobering, the report does contain glimmers of progress:
• The percentage of attacks stopped before encryption hit a five-year high, suggesting improved detection capabilities.
• Retailers are showing resistance to demands: 59% of victims who paid negotiated down the initial request.
• The mean cost of recovery (excluding the ransom) has dropped by 40% to $1.65 million, its lowest point in three years.
However, adversaries are adapting. Even as encryption rates fall, the proportion of retailers hit by extortion-only attacks where data is stolen but not locked has tripled, ensuring that financial pressure remains high.
For executive leaders, the solution lies in transitioning to a proactive, risk-management focus:
• Prioritize Visibility and Remediation: Combine strong asset management and patching with specialized services like Sophos Managed Risk to eliminate the unknown technical weaknesses that drive nearly half of all attacks.
• Ensure 24/7 Coverage: Organizations lacking in-house expertise (45% struggle with this) must partner with Managed Detection and Response (MDR) services to ensure continuous, expert threat monitoring and rapid response.
• Plan for the Worst: Routinely test a comprehensive incident response plan and maintain reliable backups. The recovery cost drop suggests that prepared organizations recover faster and suffer less overall damage.
Successful security programs focus on risk management. By combining strong governance with outsourced expertise, retailers can move beyond simply paying ransoms and transform their cyber defenses into a proactive shield.

Wasiu Popoola, CEO
In an exclusive dialogue, Wasiu Popoola, CEO of Tech Brokers Ltd, a leader operating at the forefront of digital transformation in Nigeria, offers a penetrating look into the forces reshaping the African financial ecosystem. With expertise spanning technology, finance, and ethical leadership, Popoola unpacks how Artificial Intelligence (AI) is not challenging but reinforcing the core tenets of Islamic finance, specifically the prohibition of Riba (interest), by introducing unprecedented levels of compliance and transparency.
This conversation explores the strategic roadmap for achieving true financial inclusion. Popoola reveals his three-pronged strategy for cultivating world-class talent by focusing on Purpose, Pay, and Power, and details his vision for a seamless integrated financial Super Highway built on the synchronized efforts of regulators, traditional banks, and nimble fintech innovators.
Q: Artificial Intelligence is fundamentally changing financial services, from credit scoring to customer service. As a leader in both fintech and Islamic finance, how do you see AI impacting the core tenets of Islamic finance, such as the prohibition of Riba (interest)?
A: This is where technology meets morality, and we have positioned ourselves at Tech Brokers as the right partner to help our clients navigate the AI phenomenon seamlessly. The beauty of AI is its ability to process complexity with precision. For non-interest banks in Nigeria, AI is not a risk to Riba prohibition; it is the ultimate compliance and trust-building tool. Let's take a common scenario: a trader in Kano's Kantin Kwari market needs financing to stock up on textiles for the Sallah rush. She applies for a Murabaha facility. Traditionally, a bank officer would physically verify invoices, confirm the bank's ownership of the goods, and manage the sale agreement, a process prone to human delay and error.
Q: Nigeria has a young, tech-savvy population, but there's a significant global competition for top fintech talent. What is your strategy for attracting, retaining, and developing a world-class team that can compete on a global stage, while still fostering a uniquely Nigerian identity and addressing the local market's needs?
A: My strategy is three-fold: Purpose, Pay, and Power.
• Purpose over Perks: We tell developers, while your counterpart in London is optimizing algorithms for high-frequency trading, you are building an AI that enables a pepper farmer in Jigawa to receive Salam financing based on satellite imagery of his farm. You are not just coding; you are digitally uplifting your community. That visceral connection to local impact is a powerful retainer.
• Pay for Global Parity: Benchmark salaries against the global market and offer performance-linked profit-sharing, which aligns perfectly with the Islamic finance principle of risk and reward sharing.
• Power (Autonomy): Give your teams ownership. If a product manager identifies a need for a new Ijara (leasing) product for commercial tricycles (Keke NAPEP), they are empowered to lead the cross-functional team to build, test, and launch it. This intrapreneurship satisfies the hunger for meaningful impact that a remote job abroad often cannot.
Q: You've built robust relationships with both public and private sector organizations. How do you envision a truly integrated financial ecosystem in Nigeria, where traditional banks, fintechs, and government services seamlessly interact?
A: I envision a financial Super Highway built on three synchronized lanes:
• Lane 1: The Regulator and Infrastructure (Government): This is the foundation, NIN for digital identity, NIBSS for instant payments, and a robust Open Banking API framework.
• Lane 2: The Stability Providers (Traditional & Non-Interest Banks): They are the secure custodians of deposits and capital. They provide the balance sheet and Sharia-compliant structures for large-scale financing.
• Lane 3: The Innovators (Fintechs): They are the agile vehicles on the highway, building user-friendly applications on top of the infrastructure.
Q: Beyond the certifications and titles, what is the single most important principle that drives your work in business transformation?
A: It is simply an obsessive focus on value realization. We must constantly ask: Does this new application help us disburse a Mudarabah investment to an SME faster? Does this AI project help a customer avoid a poor financial decision? If a technology doesn't map directly to a tangible improvement in the customer's life or the bank's stability, it is merely a costly distraction. In a market like Nigeria, we cannot afford transformation for transformation's sake.
Q: What does "business continuity" mean to you, and how do you inspire that sense of purpose in the teams you lead?
A: Business Continuity is the bedrock of trust. It's not about recovering after a failure; it's about ensuring services are uninterruptible during a crisis, be it a national grid collapse or civil unrest. I tell developers and product managers that when you design a redundant power system for a data center, you are not just checking a box. You are ensuring that when a mother in a remote village needs to use her mobile wallet to buy malaria medication for her child during a blackout, the transaction goes through. You are the guardian of that mother's peace of mind. This frames their technical work as a vital social and ethical duty.
Q: Beyond a standard ROI calculation, what qualitative or long-term metrics do you use to justify the investment in a new technology or market entry, especially when the payoff isn't immediate?
A: We look beyond the immediate Naira returns to three strategic indicators:
• Platform Agility: The true value of investing in a modern cloud core isn't the first product you launch. It's how that platform allows you to launch your second product, such as a new Wakala (agency) investment product, in 3 months instead of 12, at a fraction of the cost.
• Trust Capital: For a non-interest bank, trust is the currency. You measure investments in transparency and security by the increase in customer retention and the volume of funds entrusted to the bank for longer-term, profit-sharing investments.
• Talent Attractiveness: Does migrating to a modern tech stack help you recruit and retain the best Nigerian tech talents who might otherwise go to Fintechs? A superior team is the ultimate long-term ROI.



The practice of Bring Your Own Device (BYOD) offers undeniable convenience and significant cost savings, up to R5000 per employee annually, for organizations in South Africa and globally. Yet, this convenience has created a critical security vulnerability.
According to Anna Collard of KnowBe4 Africa, while up to 84% of organizations globally practice some form of BYOD, a staggering 70% of these devices are unmanaged in Africa. This introduces a “complicated weak link” where productivity meets unparalleled cyber and compliance risks, particularly in hybrid and remote environments.
The informal approach to BYOD, especially common in startups, SMEs, and even some larger firms outside of financial services, introduces significant threats, all stemming from the lack of organizational control:
Data Leakage and Shadow IT: Personal devices easily leak sensitive corporate data via unsecured apps, public Wi-Fi, or cloud storage. The use of “shadow IT” (unapproved apps) proliferates, creating unmonitored entry points for attackers.
Malware and Outdated Software: Employees may unknowingly install malicious apps that harvest data or open backdoors. Compounding this, personal devices often run outdated operating systems or apps that remain unpatched for ages, leaving them vulnerable to known exploits that IT teams cannot see or fix.
False Sense of Security: Many employees, especially younger generations, believe they take cybersecurity more seriously on their personal devices. However, this confidence can be misplaced, leading to weak policies that open the door to insider risk.
Addressing the BYOD blind spot requires a strategy that goes beyond simple technology fixes, focusing instead on mitigating the human element:
• Establish Policy and Technical Controls: A robust BYOD strategy must start with a clear, communicated policy defining what is allowed and what minimum protection is expected. This must be backed by technical controls, including:
• Strong Authentication: Mandatory Multi-Factor Authentication (MFA) and strong passwords.
• Encryption and Endpoint Security: Ensuring the device and its data are encrypted and running an approved endpoint security solution.
• Network Segmentation: Isolating personal devices from critical corporate assets on the network.
Train Attention and Awareness: The most crucial countermeasure is behavioral. Organizations must educate employees on the specific, nuanced risks of BYOD, moving beyond simple “don’t click links” advice.
Security Awareness Training: Use training to heighten awareness of BYOD-specific risks, like mobile-app phishing, and address risky behaviors, such as reusing passwords for personal and professional accounts.
Simulate Attacks: Run simulated attacks that specifically leverage BYOD vulnerabilities to prepare employees for real threats.
Digital Mindfulness: Encourage employees to slow down and question suspicious behavior, especially when using personal devices for work.
Fiyinfolu Okedare
In this exclusive interview, Fiyinfolu Okedare, Director of Consulting (FCA, CISA, CFE, CRISC), provides executive leadership with a clear roadmap for dismantling traditional, reactive fraud strategies. Mr. Okedare argues compellingly that to succeed in the digital economy, organizations must view fraud not as an audit issue, but as a fundamental strategic business risk that requires executive ownership from the Board down.
He details the practical steps for this transition: leveraging advanced analytics to catch anomalies in real-time, enforcing the integrity of critical systems against privileged access misuse, and redesigning core workflows where fraud vulnerabilities most frequently surface. Mr. Okedare also shares critical insights into the technical challenges of extracting forensic evidence from complex ERP systems and outlines how the future of fraud investigation demands preparation for blockchain obfuscation. This conversation is essential for CEOs and Board members seeking to integrate IT auditing, fraud examination, and risk management into a unified framework that builds resilience and protects long-term shareholder trust.
Q: As a Director of Consulting, how do you advise executive leadership to transition their fraud prevention strategy from a reactive approach (investigation) to a proactive one focused on Fraud Risk Assessment?
A: As Director of Consulting, I stress that effective fraud prevention is about staying ahead of bad actors, not just catching them post-factum. By treating fraud as a business risk, rather than merely a compliance issue, we encourage executive alignment to integrate fraud risk into enterprise risk management. This shift moves organizations from reactive investigations to proactive assessments that identify vulnerabilities before they escalate. We begin by mapping critical processes such as finance, procurement, HR, and IT through a fraud lens. ICFR audits help pinpoint existing controls, gaps, and access privileges, forming the backbone of a tailored Fraud Risk Assessment. To enhance this effort, I advocate for cross-functional fraud risk committees that bring together finance, internal audit, IT, and compliance, fostering collaboration to drive coordinated mitigation strategies.

While technology supports our initiatives, a strong culture is vital for lasting change. By viewing fraud risk management as a safeguard for assets and stakeholder trust, organizations can transition it from a cost to a strategic investment, ultimately driving transformation.
Q: How has the use of advanced analytics and automated monitoring fundamentally changed the efficiency and accuracy of identifying high-risk transactions or anomalies during a fraud risk assessment?
A: Advanced analytics and automated monitoring have really changed the game for how we look at fraud risk. In the past, finding high-risk transactions relied a lot on manual checks and fixed rules. Now, thanks to machine learning and behavioral analytics, we can spot patterns that might go unnoticed by our eyes, all while analyzing tons of data in real-time. At Forvis Mazars, we've deployed Atlas Analytics that don’t just flag unusual activity but also learn from historical fraud cases. This approach allows us to identify outliers, recognize unusual transaction patterns, and even detect transactions occurring during atypical or high-risk hours, signals that often indicate potential fraudulent behavior. The best part? Speed! When it comes to fraud detection, getting ahead of the problem can make all the difference. By embedding analytics into our fraud risk assessments, we help clients transition from just reacting to potential fraud to proactively addressing risks, often catching issues before they escalate into real losses.
Q: Given the rise of digital services, which two types of Technology Risks do you find are most frequently exploited by fraudsters today, and how should organizations mitigate them?
A: In today's digital landscape, two key technology risks often exploited by fraudsters are privileged access misuse and insecure third-party integrations. These risks can bypass traditional defenses and take advantage of inherent trust within systems, making them particularly concerning. Privileged access misuse typically involves internal actors or compromised credentials that enable unauthorized changes to critical records and systems. To mitigate this risk, organizations should implement strict role-based access controls and enforce Multi-Factor Authentication (MFA) across all essential systems. Similarly, third-party integrations, like APIs, can introduce vulnerabilities when vendor controls are lacking. Conducting thorough vendor risk assessments and monitoring these integrations for anomalies is crucial, while in essence, effective technology risk management must be woven into fraud governance to secure not only systems but also the trust we establish across every digital touchpoint.
Q: Your experience covers Business Process Re-engineering. Where in the typical business lifecycle do you see the most significant fraud vulnerabilities that require immediate process redesign?
A: Fraud vulnerabilities often surface during transaction processing and approval stages, particularly in procurement, payroll, and expense management. Organizations that rely on legacy processes with manual approvals and siloed systems can face risks like duplicate payments and fictitious vendors.
In my Business Process Re-engineering initiatives, we aim to redesign these workflows to include preventive controls, such as automated validation rules and audit trails. Change management and system configuration are also critical areas where fraud can be introduced through unauthorized changes to master data. Without a robust review process, these changes can go unnoticed until significant losses occur. By redesigning processes with a focus on fraud prevention, we enhance transparency, accountability, and automation. Balancing efficiency and resilience is crucial. This proactive approach allows organizations to shift from reactive measures to effective governance, staying one step ahead of potential fraud risks.
Q: Fraud investigations often involve navigating complex IT environments, including ERP systems like SAP, Oracle EBS, or T24. What is the biggest challenge when extracting reliable forensic evidence from these major integrated platforms?
A: The biggest challenge in obtaining reliable forensic evidence from ERP platforms like SAP, Oracle EBS, or T24 is the complexity and fragmentation of audit trails. Designed for operational efficiency, these systems often scatter critical logs across various modules, databases, and middleware layers. In fraud investigations, time is critical. Retrieving meaningful evidence, such as user actions and data changes, requires a thorough understanding of the system and the ability to craft custom queries. Without proper logging configurations, key evidence may be incomplete or inaccessible, making it even harder to piece together events. Additionally, data normalization complicates the situation further, as different ERP systems structure their logs uniquely. This inconsistency can hinder efforts to correlate events or establish a clear timeline, particularly in environments where fraud spans multiple systems, such as finance, procurement, and HR. Organizations should embrace proactive forensic readiness to secure useful audit trails effectively.
Q: You conduct Vulnerability Assessments and Penetration Testing. How do the insights gained from offensive security testing directly inform and improve the scope and effectiveness of a Fraud Investigation?
A: Offensive security testing, particularly through vulnerability assessments and penetration testing (VAPT), offers critical insights into how fraud can exploit technical weaknesses. By simulating real-world attacks, these assessments expose entry points for unauthorized access or data manipulation that traditional audits might miss. Misconfigured firewalls or exposed APIs may not generate compliance alerts, yet they can serve as significant avenues for data breaches.


From Policy Shapers to Code Poets, Meet the African Luminaries Redefining Global AI

The true frontier of ethical, applied, and transformative AI is increasingly found across the African continent. This year, the Society for AI has released its definitive list of the TOP 40 UNDER 40 AI Achievers, a powerful testament to the continent's profound influence on global technology.
The honorees are judged on rigorous criteria, including impact on policy, technological innovation, and scale of work, demonstrating a shift from simply consuming technology to actively governing and creating it.
Tier 1: Global Icons—The Architects of AI Governance (Ranks 1–8)

The top tier features luminaries who are not just building AI, but are actively shaping its ethics and global policy at the highest levels.
1st: Dr. Joy Buolamwini (Ghana): Crowned the leader, Dr. Buolamwini is celebrated as a computer scientist, poet of code, and founder of the Algorithmic Justice League (AJL). Her groundbreaking research exposing racial and gender bias in commercial facial recognition systems (the Coded Gaze) has forced global tech giants like IBM and Microsoft to overhaul their algorithms and laid the foundation for national


2nd: Kate Kallot (Central African Republic): Named one of TIME's 100 Most Influential People in AI, Kallot is the Founder and CEO of Amini. Her work directly addresses environmental data scarcity in Africa and the Global South, leveraging geospatial data and AI to support millions of smallholder farmers and accelerate the regeneration of natural capital.
3rd: Chinasa T. Okolo, Ph.D. (Nigeria): Dr. Okolo is recognized for her extraordinary influence on AI policy. As a Fellow at the Brookings Institution and Consulting Expert for the African Union, she was instrumental in developing the AU-AI Continental Strategy, ensuring African perspectives on ethics, safety, and governance are integrated into global discourse.
4th: Silas Adekunle (Nigeria): The robotics pioneer who secured a landmark deal with Apple for his MekaMon gaming robot has pivoted to address critical African challenges. Through Awarri, he is now leading the development and adoption of foundational technologies, including Nigeria's first multilingual, open-source Large Language Model (LLM), establishing vital digital infrastructure.
This tier sets the precedent; African excellence in AI is defined by a commitment to accountability, equity, and purpose-driven application.
Tiers 2 & 3: Pioneers and Champions Building the Continent's Backbone (Ranks 9–24)
The middle tiers showcase the International Pioneers and Continental Champions, innovators building the bridges between research and real-world impact across Africa. Rachel Adams, Darlington Akogo, and Chido Dzinotyiwei are among those whose international recognition confirms that African-led innovation is no longer a regional curiosity, but a global necessity. Charlette N'Guessan's pioneering work on AI-driven identity verification is solving trust issues, while Muthoni Wanyoike and Neema Mduma lead research initiatives from East Africa that are gaining traction worldwide. Leaders like Jade Abbott, Alex Tsado, and Tejumade Afonja are key figures in the AI open-source community, driving practical adoption and building the platforms that enable African businesses and researchers to harness the technology directly. Their work is fundamentally shaping AI development, training talent, and establishing commercial ventures tailored to local needs.
Securing AI-powered systems requires integrating traditional API security fundamentals with specialized AI-centric defense mechanisms.
• Comprehensive API Discovery and Inventory: You can't secure what you can't see. With the proliferation of AI tools and microservices, Shadow APIs are prime targets. Implement automated API discovery and inventory tools to continuously analyze traffic and identify every active API endpoint, including those connecting to AI models.
• Strong Authentication and Authorization: Robust access control is the first line of defense. The Principle of Least Privilege (PoLP) must be strictly enforced. Enforce modern protocols like OAuth 2.0 or JWT for all APIs, and ensure tokens are signed and rotated.
• Input/Output Hardening and Validation: The greatest risk to AI models comes from malicious input. Every input to an AI API must be treated as hostile. Enforce strict Schema Validation on all inputs and outputs to reject malformed or oversized requests, preventing both traditional attacks and AI-specific prompt injections.
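The input/output validation item above, sketched as an added example (not code from the magazine or from any vendor): a strict validator for a chat-style AI API. The field names, limits and the model name `support-bot-v1` are assumptions; schema checks bound the shape and size of a request but do not inspect what a prompt says.

```python
import json

MAX_BODY_BYTES = 16_384          # assumed limits; tune per endpoint
MAX_PROMPT_CHARS = 4_000
MAX_OUTPUT_CHARS = 8_000
ALLOWED_MODELS = {"support-bot-v1"}            # hypothetical model name
REQUEST_FIELDS = {"model": str, "prompt": str, "max_tokens": int}
REQUIRED = {"model", "prompt"}
RESPONSE_FIELDS = {"text": str, "finish_reason": str}


class SchemaError(ValueError):
    """Raised when a payload does not match the declared schema."""


def no_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; reject instead so a
    # gateway and the model service cannot disagree on which value counts.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise SchemaError("duplicate key")
    return dict(pairs)


def check_fields(obj, fields, required):
    if not isinstance(obj, dict):
        raise SchemaError("top level must be an object")
    if set(obj) - set(fields):
        raise SchemaError("unknown field")
    if required - set(obj):
        raise SchemaError("missing field")
    for name, value in obj.items():
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, fields[name]):
            raise SchemaError("wrong type for " + name)


def validate_request(raw: bytes) -> dict:
    if len(raw) > MAX_BODY_BYTES:                 # size check before parsing
        raise SchemaError("body too large")
    try:
        body = json.loads(raw.decode("utf-8"), object_pairs_hook=no_duplicate_keys)
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise SchemaError("malformed JSON") from exc
    check_fields(body, REQUEST_FIELDS, REQUIRED)
    if body["model"] not in ALLOWED_MODELS:
        raise SchemaError("model not allowed")
    prompt = body["prompt"]
    if not 1 <= len(prompt) <= MAX_PROMPT_CHARS:
        raise SchemaError("prompt length out of range")
    if any(ord(c) < 32 and c not in "\n\t" for c in prompt):
        raise SchemaError("control character in prompt")
    max_tokens = body.get("max_tokens", 256)
    if not 1 <= max_tokens <= 1024:
        raise SchemaError("max_tokens out of range")
    return {"model": body["model"], "prompt": prompt, "max_tokens": max_tokens}


def validate_response(obj) -> dict:
    # Output side: only the declared fields may leave the service, so a debug
    # or system-prompt field added upstream causes a rejection, not a leak.
    check_fields(obj, RESPONSE_FIELDS, set(RESPONSE_FIELDS))
    if obj["finish_reason"] not in {"stop", "length"}:
        raise SchemaError("unexpected finish_reason")
    if len(obj["text"]) > MAX_OUTPUT_CHARS:
        raise SchemaError("output too large")
    return dict(obj)


def rejection_reason(validator, payload):
    """Return the error message if payload is rejected, else None."""
    try:
        validator(payload)
    except SchemaError as exc:
        return str(exc)
    return None
```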

The rapid adoption of Artificial Intelligence and Generative AI is transforming business processes, but it's simultaneously creating a larger, more complex attack surface. As the connective tissue of modern applications, APIs are the primary way AI models, data pipelines, and third-party services communicate.
AI fundamentally changes the API threat landscape in two key ways:
• AI Agents as Super-Callers: Where human users once initiated API calls manually, AI agents now make requests autonomously, at machine speed, and at a far greater scale. This massive increase in machine-to-machine traffic makes traditional rate limiting and anomaly detection challenging, as the normal baseline of traffic becomes volatile and unpredictable.
• New Attack Vectors: The AI stack itself introduces novel security flaws that can be exploited via APIs: Prompt Injection, Data Leakage/Exfiltration, Model Poisoning, and LLMjacking.
Securing AI-powered systems requires integrating traditional API security fundamentals with specialized AI-centric defense mechanisms.
• Leverage AI for Defense: The arms race demands using AI against itself. Traditional signature-based defenses struggle against the polymorphic nature of AI-generated attacks. Integrate AI-driven behavioral analytics and anomaly detection tools. These tools can learn the normal behavior of an AI-powered API, even machine-to-machine traffic, and flag subtle, slow-burning attacks like data scraping or model manipulation that would evade simple rules.
• Ensure End-to-End Data Security: Protecting sensitive data must be paramount across the entire AI lifecycle. Enforce HTTPS/TLS Encryption for all data in transit. Apply Encryption for Data at Rest, particularly for highly sensitive training data and stored model artifacts.
By combining the fundamentals of robust API security with a proactive, AI-aware approach to input validation and threat detection, organizations can responsibly leverage the power of AI while effectively defending their critical digital connections.
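The API discovery and inventory recommendation in this article, as an added example that is not from the magazine: observed traffic is reduced to method-plus-path templates and compared against the documented inventory to surface shadow endpoints. The log format, the inventory and the addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Documented inventory (hypothetical), e.g. exported from an OpenAPI spec.
INVENTORY = {
    ("GET", "/v1/orders/{id}"),
    ("POST", "/v1/chat/completions"),
}

# Constructed sample access-log lines: client, method, path, status.
SAMPLE_LOG = """\
10.0.0.5 GET /v1/orders/1042 200
10.0.0.5 GET /v1/orders/1043?expand=items 200
10.0.0.9 POST /v1/chat/completions 200
10.0.0.7 POST /internal/llm/embed 200
10.0.0.8 POST /internal/llm/embed 200
10.0.0.7 GET /v0/orders/77/export 200
10.0.0.7 GET /v2/orders/5 404
garbage line
"""

LINE_RE = re.compile(r"^(\S+) ([A-Z]+) (/\S*) (\d{3})$")
ID_RE = re.compile(
    r"^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$",
    re.IGNORECASE,
)


def template(path):
    """Collapse numeric and UUID path segments to {id}; drop the query string."""
    path = path.split("?", 1)[0]
    parts = ["{id}" if ID_RE.match(seg) else seg for seg in path.split("/")]
    return "/".join(parts)


def find_shadow_endpoints(log_text, inventory):
    """Return (method, path_template, hits, distinct_clients) for every
    endpoint that answered traffic but is missing from the inventory."""
    seen = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue                  # unparseable lines are skipped, not guessed at
        client, method, path, status = match.groups()
        if status == "404":
            continue                  # nothing is served at this path
        key = (method, template(path))
        if key in inventory:
            continue
        seen[key]["hits"] += 1
        seen[key]["clients"].add(client)
    rows = [(m, p, v["hits"], len(v["clients"])) for (m, p), v in seen.items()]
    # Busiest undocumented endpoints first, then by path for stable output.
    return sorted(rows, key=lambda r: (-r[2], r[1]))


if __name__ == "__main__":
    for row in find_shadow_endpoints(SAMPLE_LOG, INVENTORY):
        print(row)
```

Each row it returns is a candidate for the inventory review: either document and secure the endpoint or retire it.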

The Exposure Management Company is Positioned Highest for Execution and Furthest for Vision in the Critical New Security Category
Tenable® has secured a major win, being named a Leader in the first-ever 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms. This recognition solidifies Tenable’s leadership in the market, with the company positioned highest for Ability to Execute and furthest to the right for Completeness of Vision.
This pivotal recognition from Gartner validates Tenable’s strategic shift to proactive exposure management. As the modern attack surface grows more complex, encompassing AI, cloud, IT, identity, and OT, simply reacting to threats is no longer sufficient.
Mark Thurmond, Co-CEO, Tenable, noted the significance of this milestone: “To us, being named a Leader in the very first Gartner Magic Quadrant for Exposure Assessment Platforms is a huge stamp of approval for the approach we’ve taken. Our whole strategy is about getting ahead of the exposures, and we're seeing how much that proactive approach is paying off for our customers.”
At the core of Tenable’s market leadership is the Tenable One Exposure Management Platform. This platform is designed to provide organizations with the most comprehensive, contextualized view of risk across their entire attack surface. It moves beyond traditional vulnerability scanning to reveal organizations' exposure and provide guidance on how to quickly close those security gaps.
The platform provides:
• Holistic Visibility: A single view of risk across cloud, IT, identity, web apps, and OT environments.
• Risk-Based Analytics: Advanced prioritization capabilities to focus resources on the exposures that matter most.
• Open Ecosystem: Integration with 300+ third-party tools, enabling organizations to take control of their cyber risk.
Tenable's early adoption of the Exposure Management philosophy aligns perfectly with Gartner’s concept of Continuous Threat Exposure Management (CTEM). Exposure Assessment Platforms are the foundational technology required to support the CTEM framework, helping organizations preemptively reduce cyber risk.
With over 44,000 organizations trusting Tenable, the company is demonstrating that a unified, proactive approach is essential for the modern enterprise. As Thurmond emphasized, “With the weaponization of AI, detection and response is no longer adequate. That’s what exposure management is all about, and Tenable One is the only platform that delivers it.”
This Gartner achievement joins other recent accolades, including Tenable being positioned as a Leader in both the:
• IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment
• The Forrester Wave™: Unified Vulnerability Management, Q3 2025

Mark Thurmond
Chief operating officer, Tenable
The inaugural Gartner Magic Quadrant for Exposure Assessment Platforms confirms that Tenable is a market leader, driving the critical shift from reactive vulnerability management to proactive exposure management. The Tenable One platform is the premier tool for organizations seeking a complete, contextualized view of cyber risk and the ability to close exposures before attackers can exploit them.

A new, one-stop security feature in the Android beta bundles powerful privacy controls to protect activists, journalists, and anyone facing advanced digital threats.
WhatsApp is stepping up its defenses with a powerful new security feature: Lockdown Mode. Currently being tested in the Android beta (2.25.33.4), this consolidated setting is designed to shield users who face a higher risk of targeted cyber attacks.
Instead of forcing users to navigate scattered privacy menus, Lockdown Mode offers a one-stop security check. With a single toggle, it instantly applies the platform’s most restrictive settings, making it easier for non-technical users to harden their accounts. This lockdown-style approach takes several critical steps to minimize the “attack surface” on a user’s device:
• Blocking Media and Attachments: Perhaps the most crucial defense, this mode prevents automatic downloads of photos, videos, documents, and voice notes from unknown contacts. Since multimedia can carry malware or malicious links, forcing the user to manually approve a download significantly reduces the risk of infection.
• Restricting Link Previews: When enabled, WhatsApp normally generates previews of linked websites, which involves a background request that can inadvertently leak device data like IP addresses. Lockdown Mode disables this, adding another layer of data protection for at-risk users.
• Default Restrictive Settings: It locks various other privacy controls at their highest level, providing comprehensive account hardening without requiring the user to check multiple settings.
While these stricter defaults are a significant win for safety, they introduce some practical challenges:
• Users who regularly rely on receiving documents or media from new contacts, such as journalists, small businesses, and aid workers, may find their workflows slowed down. They will need to manually approve content, which can lead to frustrating interactions.
• For a successful rollout, WhatsApp must provide clear messaging inside the app. If a friend sends a document but sees no download or preview, they may not understand why and repeatedly resend the content. Clear user prompts on what changed and how to reverse it are essential.
Lockdown Mode is a logical and necessary evolution, making advanced security measures accessible to everyone. Its success will rely on providing sensible default protections while offering clear, simple controls that minimize user confusion.


