African Cybersecurity Undergo a Change
The 2020 KnowBe4 African Report collated insights from 881 respondents across South Africa, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana to discover how the continent views cybersecurity and its risks in a world shaped by a global pandemic. The report found that attitudes and behaviours had shifted as a result of the pandemic, but problem pockets of risk remain that need to be addressed in order to ensure both business and individual security.
Key findings:
- The COVID-19 pandemic has fundamentally changed how people live, work and approach security, and 24% of the respondents indicated that they were affected by cybercrime while working from home.
- Sixty-seven percent of those surveyed use their smartphones on a regular basis for both payments and mobile banking.
- The number of people concerned about cybercrime has risen to 48% (from 38% in 2019).
“Nearly 50% of the respondents will continue to work from home; 24% indicated that they were affected by cybercrime while working from home, and only 30% believed that their governments prioritised cybersecurity in their policies,” says Anna Collard, SVP of content strategy and evangelist, KnowBe4 Africa. “This year, respondents were even more concerned about cybercrime compared with 2019, with the number rising by 10% to 47.61%. Across all eight countries, there’s a growing awareness of the risks that come with cybercrime.”
However, people are still taking unnecessary risks. Around 63.98% would give away their personal information if they believed that there was a need for it, or if they understood what it was being used for, which is a measured response in light of government and organisation requests for data to verify identity. However, the concern lies in the 7% who would give away personal information if they got something back in return, like a discount, and the 6% who do it all the time.
This is supported by the fact that only 46% could define ransomware, nearly 20% have forwarded a spam or hoax email, 30% have clicked on a phishing email, 33.41% have fallen for a con artist or a scam, and 52.7% have had a virus on their PC.
“In South Africa, a worrying 31.5% thought that a Trojan virus encrypts files and demands payments, highlighting the need for training and education; especially considering that 40% of respondents think they would comfortably recognise a security threat if they saw one,” says Collard. “Most people don’t realise what a risky email looks like or how their actions could result in their systems becoming infected.”
Email security is one of the biggest threats facing the average user, both at work and at home, and it is one of the most common communication methods – nearly 87% use email for work, closely followed by WhatsApp at 85%. For their private lives, WhatsApp is the most popular communication channel on the continent, with 96% of respondents chatting on it with their friends and families. Seventy-seven percent reported the pandemic changed the way they work, with more than 50% changing this for the foreseeable future.
“For organisations, it has become critical that they train employees on security best practices and the various methodologies used by cybercriminals,” concludes Collard. “People need more help in learning about cyber threats, especially since 50% are continuing to work from home.
Employee training is one of the most important defence mechanisms – employees need to learn how to spot social engineering and phishing attacks, understand why weak passwords put them at risk, and how multi-factor authentication works. They should also learn how to protect their home networks and what to do in the event of a security incident.”
Education and awareness have become key in protecting people and organisations from the cybersecurity risks out there, especially as many continue to work from home. For businesses looking to remain alert and minimise the human risk in cybersecurity, training and awareness are the best first steps to supporting employees and embedding a culture of security within the organisation.