The African Challenge: Cybersecurity Awareness on the Continent

Despite the growing awareness of cybersecurity and cybercrime, the challenge is that people are still taking unnecessary risks.

The pandemic is still changing working behaviours and patterns. In South Africa, Johannesburg only 38% of respondents are back to their offices or are accessing the internet from their office network, while 55% continue to work from home; 32% of respondents were victims of cybercrime while working from home, and one-third (33%) of the attacks was social engineering. The number of people worried about cybercrime has risen to 72%.

The 2021 KnowBE4 African Cyberthreat Report is driven to maintain key metrics around cybersecurity awareness and behaviours to gain a holistic view of the continent’s cyber stance and how users perceived the threats. Collating insights from 763 respondents across South Africa, Botswana, Egypt, Ghana, Kenya, Morocco, Mauritius and Nigeria, the report highlights some of the gaps that remain in security awareness despite the risks posed by the pandemic and the evolution of hybrid working frameworks.

“The pandemic remains a central issue for most users when it comes to how they plan to work and live in the future,” says Anna Collard, SVP Content Strategy & Evangelist KnowBe4 Africa. “This year, nearly 55% plan to continue working from home. Respondents are increasingly concerned about the risk of cybercrime at 72%, however, the trend this year has been an increase in overall security confidence, which is not necessarily earned. People think they know more than they do, and this is causing issues.”

Cybersecurity Trust Issues

Around 10% are very likely to share their personal information and 54% trust emails from someone known, even though 36% have fallen for a phishing email and 55% have had a malware infection. The number has increased in 2020 and are compounded by the fact that most users think they can identify a security incident (44%) but only 46% could identify ransomware – a small drop from 2020 at 47%.

The problem is that more than 30% of users are not aware of what two-factor authentication is, 40% don’t use a safe password – 20% believed that P@$$word! was a strong password – and yet 63% use their mobile devices to do payments or banking. They risk themselves with weak password hygiene and limited security controls.

“Email remains one of the biggest security threats,” says Collard. “People are still very trusting of emails they have received from people they know (54%, up 2% from 2020), even though those email accounts could have been impersonated or hacked. There is a definite need to educate people around the rising social engineering threats around emails, social media, chat apps and the phone (vishing).”

The report found that while people are more concerned about security, they are still being victims of scams and attacks that could be avoided. From social engineering to investment scams, the threats are becoming more popular. Considering that around 34% have lost money because they fell victim to a scam, and 26% have experienced a social engineering attack over the phone, cybercriminals remain determined to use any means necessary to catch people unaware.

“For organisations, it has become critical that they train employees around security best practices and the various methodologies used by the cybercriminal,” concludes Collard. “People need more help in learning about how to stay safe online at home, the office and on the road. Perhaps the worst mistake is that they believe they are security smart and can identify the risks when they cannot. This is putting both them and their company at risk.”

Building a security culture, or in other words, strengthening the human defence layer and making them aware of how to detect and prevent social engineering attacks is a crucial element in organisational cybersecurity posture, especially as many people continue to work from home.