Poor awareness still a challenge to African cybersecurity, finds KnowBe4
AREPORT ON AFRICA’S CYBERSECURITY AWARENESS CON DUCTED by leading security awareness platform, KnowBe4, has revealed that many individuals and organisations across the continent continuously fall prey to scams and attacks ranging from social engineering to investment scams that they could have avoided due to poor awareness and understanding of cybercrime operations.
The 2021 cybersecurity and awareness report, which focused on key metrics around cybersecurity awareness and behaviours to gain a holistic view of the continent’s cyber stance and how users perceived the threats, collated insights from 763 respondents across Botswana, Egypt, Ghana, Kenya, Mauritius, Morocco, Nigeria and South Africa.
KnowBe4 asserted that cyberthreats are gaining ground across the continent considering that around 34 percent of respondents have lost money because they fell victim to a scam, while 26 percent have experienced social engineering attacks over the phone.
The report raised concern that over 30 percent of mobile device users do not know what two-factor authentication is, 40 percent are not using a secure password, and 20 percent believe that “P@$$word” was a strong password.
It was further noted that 63 percent of people under this category use their mobile devices to do payments or banking, putting themselves at higher risk with poor password hygiene and limited security controls.
Reacting to this, Anna Collard, senior vice president, content strategy & evangelist at KnowBe4 Africa, stated that there has been an increase in overall security confidence which is not necessarily earned as many believe they are security smart and can identify the risks, when they actually cannot, thereby putting both them and their companies at risk.
According to Collard, email remains one of the biggest security threats to users, considering that they are still very trusting of emails they have received from people they know even though those email accounts could have been impersonated or hacked.
“Around 10 percent are very likely to share their personal information and 54 percent will trust an email from someone they know, even though 36 percent have fallen for a phishing email and 55 percent have had a malware infection.
These numbers are up from 2020, and are compounded by the fact that most users believe that they can confidently identify a security incident but only 46 percent could accurately identify ransomware,” she noted.
Hitting on areas that need to be addressed in 2022 to ensure robust and strategic cybersecurity, KnowBe4 recommended the need for people to be properly educated on the rising social engineering threats around emails, social media, chat apps and phone vishing.
Organisations were also advised to train employees around security best practises and the various methodologies used by cybercriminals.
It was further recommended that building a security culture by making users aware of how to detect and prevent social engineering attacks is a crucial element in organisational cybersecurity posture, especially as many people continue to work from home in the aftermath of the COVID-19 pandemic.