Major gaps remain in security awareness among computer and smartphone users across Africa, despite the risks posed by the pandemic and the evolution of hybrid working.
This is a key finding of the 2021 KnowBe4 African Cyberthreat Report, focused on the continent’s cyber stance and how users perceived the threats. The survey included 763 consumers and office workers, all of whom are employed, from South Africa, Botswana, Egypt, Ghana, Kenya, Morocco, Mauritius and Nigeria.
“The pandemic remains a central issue for most users when it comes to how they plan to work and live in the future,” says Anna Collard, SVP content strategy at KnowBe4 Africa. “This year, nearly 55% plan to continue working from home. Respondents are increasingly concerned about the risk of cybercrime at 72%, however, the trend this year has been an increase in overall security confidence, which is not necessarily earned. People think they know more than they do and this is causing issues.”
The challenge is that people are still taking unnecessary risks, in spite of their growing awareness and understanding of cybercrime. The study shows around 10% are very likely to share their personal information and 54% will trust an email from someone they know, even though 36% have fallen for a phishing email and 55% have had a malware infection. These numbers are up from 2020, and are compounded by the fact that most users believe that they can confidently identify a security incident (44%), but only 46% could accurately identify ransomware – a small drop from 2020’s 47%.
The concern is that more than 30% of users do not know what two-factor authentication is, 40% are not using a secure password – 20% believed that P@$$word! was a strong password – and yet 63% use their mobile devices to do payments or banking.
They are putting themselves at risk with poor password hygiene and limited security controls, says Collard.
“Email remains one of the biggest security threats. People are still very trusting of emails they have received from people they know (54%, up 2% from 2020), even though those email accounts could have been impersonated or hacked. There is definite need to educate people around the rising social engineering threats around emails, social media, chat apps and the phone (vishing).”
The report found that, while people were paying more attention to security, they were still falling prey to scams and attacks that they could have avoided. From social engineering to investment scams, the threats are gaining ground. Considering that around 34% have lost money because they fell victim to a scam, and 26% have experienced a social engineering attack over the phone, it is clear that cybercriminals remain determined to use any means necessary to catch people unaware.
“For organisations, it has become critical that they train employees around security best practices and the various methodologies used by the cybercriminal,” says Collard. “People need more help in learning about how to stay safe online at home, the office and on the road. Perhaps the worst mistake is that they believe they are security smart and can identify the risks, when they actually cannot. This is putting both them and their company at risk.“
* Download the report here: https://www.knowbe4.com/hubfs/2021-African-Cybersecurity-Research-Report-Whitepaper.pdf