Key findings: The pandemic is still playing a major role in influencing working behaviours and patterns. Only 38% of respondents have returned to their offices or are accessing the internet from their office network, while 55% continue to work from home; 32% of respondents were affected by cybercrime while working from home, and one-third (33%) of the attacks were social engineering; the number of people concerned about cybercrime has risen to 72%.
The 2021 KnowBe4 African Cyberthreat Report focused on key metrics around cybersecurity awareness and behaviours to gain a holistic view of the continent’s cyber stance and how users perceived the threats. Collating insights from 763 respondents across South Africa, Botswana, Egypt, Ghana, Kenya, Morocco, Mauritius and Nigeria, the report highlights some of the gaps that remain in security awareness in spite of the risks posed by the pandemic and the evolution of hybrid working frameworks.
“The pandemic remains a central issue for most users when it comes to how they plan to work and live in the future,” says Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa. “This year, nearly 55% plan to continue working from home. Respondents are increasingly concerned about the risk of cybercrime at 72%; however, the trend this year has been an increase in overall security confidence, which is not necessarily earned. People think they know more than they do and this is causing issues.”
The challenge is that people are still taking unnecessary risks, in spite of their growing awareness and understanding of cybercrime. Around 10% are very likely to share their personal information and 54% will trust an email from someone they know, even though 36% have fallen for a phishing email and 55% have had a malware infection. These numbers are up from 2020, and are compounded by the fact that most users believe that they can confidently identify a security incident (44%) but only 46% could accurately identify ransomware – a small drop from 2020 at 47%.
The concern is that more than 30% of users do not know what two-factor authentication is and 40% are not using a secure password – 20% believed that P@$$word! was a strong password – and yet 63% use their mobile devices to make payments or do their banking. They are putting themselves at risk with poor password hygiene and limited security controls.
“Email remains one of the biggest security threats,” says Collard. “People are still very trusting of emails they have received from people they know (54%, up 2% from 2020), even though those email accounts could have been impersonated or hacked. There is a definite need to educate people around the rising social engineering threats around emails, social media, chat apps and the phone (vishing).”
The report found that while people are paying more attention to security, they are still falling prey to scams and attacks that they could have avoided. From social engineering to investment scams, the threats are gaining ground. Considering that around 34% have lost money because they fell victim to a scam, and 26% have experienced a social engineering attack over the phone, it is clear that cybercriminals remain determined to use any means necessary to catch people unaware.
“For organisations, it has become critical that they train employees around security best practices and the various methodologies used by the cybercriminal,” concludes Collard. “People need more help in learning about how to stay safe online at home, the office and on the road. Perhaps the worst mistake is that they believe they are security smart and can identify the risks, when they actually cannot. This is putting both them and their company at risk.”
Building a security culture, in other words strengthening the human defence layer and making people aware of how to detect and prevent social engineering attacks, is a crucial element of an organisation’s cybersecurity posture, especially as many people continue to work from home.