Africa’s education sector was the most targeted by cyber attackers during August this year, says Check Point.
During the month of August 2025, Africa reported the highest average volume of cyber attacks. Africa’s education sector remains the most attacked industry, with 4 178 weekly incidents, according to research by Check Point Software Technologies.
The cyber security company’s threat intelligence unit, Check Point Research, released its Global Threat Intelligence Report for August, which showed that organisations worldwide faced an average of 1 994 cyber attacks per week.
While this marked a 1% decline from July, it represented a 10% increase year over year (YOY), reinforcing that the global cyber threat landscape remains at historically high levels, according to Check Point.
Regionally, Africa reported the highest average volume of cyber attacks, at 3 239 weekly per organisation (-3% YOY). Of the four African countries included in the report, Angola suffered the most attacks, at 3 648 per organisation per week (-37% YOY), followed by Kenya at 3 448 per organisation per week (-23% YOY), Nigeria at 3 394 (-19% YOY), and SA at 2 148 (+26% YOY).
Globally, Asia-Pacific recorded 2 877 incidents weekly (+2% YOY) and Latin America also saw high weekly volumes, at 2 865 (+6% YOY), driven by rapid digitisation and uneven investment in cyber resilience.
Europe’s attacks rose by 13% YOY to 1 685 weekly incidents, and North America stood out with a 20% YOY spike to 1 480 weekly attacks, with ransomware fuelling the surge. The US alone accounted for 54% of all ransomware cases worldwide.
According to the research, the high volume of attacks on the education sector reflects both the sector’s ongoing digitisation – creating a wider attack surface – and its traditionally underfunded cyber security defences, making it an easy target for threat actors.
The cyber security firm added that telecommunications companies, vital to both business and consumer connectivity, suffered 2 992 weekly attacks (+28% YOY), highlighting their role as both critical infrastructure and a gateway to downstream targets.
Government institutions, a consistent focus for cyber criminals and nation-state actors, recorded 2 634 weekly attacks (+3%), while agriculture faced the most dramatic growth at 101% YOY, with 1 667 attacks, underlining attackers’ interest in exploiting global supply chains and food security.
The industry’s heavy reliance on technology, IOT sensors and drones makes it an attractive target for threat actors.
Lorna Hardie, regional director: Africa at Check Point Software Technologies, said: “August’s threat data makes one thing clear: cyber attacks are intensifying in both volume and impact. Africa’s top spot as the most attacked region in the world is cause for alarm. We as a continent need to be doing far more to raise cyber security awareness and implement the necessary measures to improve cyber resilience across the board.
“Education, telecoms and agriculture are being targeted because they are essential and because attackers know disruption here creates maximum leverage.”
Ransomware escalation
Ransomware remained an extremely disruptive threat vector, with 531 publicly reported incidents globally in August, up 14% YOY. North America was hit the most, accounting for 57% of reported cases, followed by Europe at 24%.
By industry, industrial manufacturing (13.6%), business services (11.9%) and construction and engineering (10.4%) bore the brunt of attacks. Other sectors, including healthcare, consumer goods and financial services, were also impacted.
Leading ransomware groups included Qilin (16% of attacks), Akira (8%), and Inc. Ransom (6%), the latter notably focusing on healthcare and education – both sectors critical to public trust and daily life.
Omer Dembinsky, data research manager at Check Point Research, added: “With ransomware rising and AI accelerating attack speed, the only sustainable path forward is a prevention-first, AI-powered strategy. Organisations must move beyond detection to real-time prevention, protecting the network, cloud, endpoints and identities in an integrated way. Only by doing so can we build resilience and safeguard critical services against relentless cyber adversaries.”
Hendrik de Bruin, head of Check Point Security Consulting SADC, commented: “Misconfigurations and inadequate deployment of security solutions remain a large contributor to cyber attacks and breaches across Africa. Organisations must ensure that security controls are not just deployed but also deployed according to best practices; only then can they ensure a real reduction in organisational risk.
“With rapid digital adoption and ever-expanding external attack surfaces, vulnerabilities contained within internal or external facing assets, including those intended to provide security, continues to be exploited on a regular basis for initial access purposes. The most recent example involved on-premises Microsoft Sharepoint servers that allowed attackers to gain unauthenticated remote code execution through a vulnerability chain referred to as Toolshell,” De Bruin continued.
He added that companies should consider adopting continuous threat exposure management solutions that can assist with the continuous automated discovery of assets and the risks they face, while also providing automated rapid remediation options including virtual patching and intelligence sharing.
