THE CHANGING LANDSCAPE OF AFRICAN CYBER SECURITY

The 2020 KnowBe4 African Report collated insights from eight hundred and eighty one  respondents across South Africa, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana to discover how the continent views cyber security and its risks in a world shaped by a global pandemic. The report found that attitudes and behaviours had shifted as a result of the pandemic, but problem pockets of risk remain that need to be addressed in order to ensure both business and individual security.

“Nearly  fifty per cent  of the respondents will continue to work from home;  twenty four per cent  indicated that they were affected by cybercrime while working from home, and only  thirty per  cent   believed that their governments prioritised cyber security in their policies,” says Anna Collard, SVP of content strategy and evangelist, KnowBe4 Africa. “This year, respondents were even more concerned about cybercrime compared with 2019, with the number rising by ten per cent to forty seven point six one per cent. Across all eight countries, there is   a growing awareness of the risks that come with cybercrime.”

However, people are still taking unnecessary risks. Around sixty three point nine eight per cent would give away their personal information if they believed that there was a need for it, or if they understood what it was being used for, which is a measured response in light of government and organisation requests for data to verify identity. However, the concern lies in the seven per cent   who would give away personal information if they got something back in return, like a discount, and the six per cent who do it all the time.

This is supported by the fact that only  forty  six  per cent  could define ransomware, nearly twenty  per cent  have forwarded a spam or hoax email,  thirty per cent  have clicked on a phishing email,  thirty three point four one per cent  have fallen for a con artist or a scam, and fifty  two  point  seven  per cent  have had a virus on their  personal computer.

“In South Africa, a worrying  thirty one point five per cent have  thought that a Trojan virus encrypts files and demands payments, highlighting the need for training and education; especially considering that  forty   per cent  of respondents think they would comfortably recognise a security threat if they saw one,” says Collard. “Most people don’t realise what a risky email looks like or how their actions could result in their systems becoming infected.”

Email security is one of the biggest threats facing the average user, both at work and at home, and it is one of the most common communication methods – nearly eighty seven  per cent  use email for work, closely followed by WhatsApp at eighty five per cent.  For their private lives, WhatsApp is the most popular communication channel on the continent, with ninety six per cent of respondents chatting on it with their friends and families. Seventy-seven percent reported the pandemic changed the way they work, with more than fifty per cent changing this for the foreseeable future.

“For organisations, it has become critical that they train employees on security best practices and the various methodologies used by cybercriminals,” concludes Collard. “People need more help in learning about cyber threats, especially since fifty per cent are continuing to work from home. Employee training is one of the most important defence mechanisms – employees need to learn how to spot social engineering and phishing attacks, understand why weak passwords put them at risk  and how multi-factor authentication works. They should also learn how to protect their home networks and what to do in the event of a security incident.”

Education and awareness have become important in protecting people and organisations from the cyber security risks out there, especially as many continue to work from home. For businesses looking to remain alert and minimise the human risk in cyber security, training and awareness are the best first steps to supporting employees and embedding a culture of security within the organisation.