Criminal masterminds, smart attack vectors, clever phishing tactics and sophisticated cybercrime methodologies are putting people and platforms at risk. Anna Collard, SVP, Content Strategy and Evangelist at KnowBe4 Africa, reviews the findings of the organisation’s poll which assessed cybersecurity awareness in Africa – determining employee understanding and preparedness when it comes to mitigating cyber-risk.
The digital landscape is overflowing with an ever-evolving array of solutions and services created to make lives easier, offices smoother and engagements richer. Smartphones, applications, social media, Artificial Intelligence (AI) platforms and multiple other tools have all become part and parcel of daily life on the African continent, transforming how people connect, collaborate and engage.
“We undertook a poll to assess cybersecurity awareness in Africa and discovered that some of the key issues facing organisations right now were awareness and understanding,” said Anna Collard, SVP, Content Strategy and Evangelist at KnowBe4 Africa. “Many people still feel safe online and believe that cybercrime will not affect them personally. Others expect their work to take care of their cyber safety or do not know how to mitigate the threats themselves.”
When asked what applications those polled use for work, the most prevalent was WhatsApp (89%), followed by email (80%).
“WhatsApp is the most used app across both personal (98%) and business use cases,” Collard added. “While email remains the most popular form of business communication on the continent, it is still immensely popular for personal use. Both platforms are high-risk for cyberthreats such as phishing, ransomware and fraud, so these should be a priority for organisations looking to drive awareness and training.”
Connectivity is of course a key concern, as it often introduces vulnerabilities to both professional and personal networks and devices. The survey found that 71% access the Internet through their mobile networks, overlapping with the 71% who access the Internet through home Wi-Fi and 36% who go online through work/office networks, while 12% access the Internet at Internet cafes and 15% use free Wi-Fi at public places.
“The question is – do people understand the risks associated with accessing the Internet in public places and are they putting the right security protocols in place?” said Collard. “Often, people do not even know that they can be hacked while they access free Wi-Fi, or that they can have critical information, like passwords, stolen while they are online.”
This concern is reflected in the research on cybercrime awareness. On a scale of one to five, most said that they were concerned with cybercrime, with 29% saying they were ‘very concerned’ and 38% saying they were ‘concerned’. However, 19% said that they were ‘somewhat concerned’ but that they did not understand the threats or how to mitigate them, while 7% said that they did not believe it affected them personally because their work took care of it and 7% felt safe and ‘not at all concerned’.
“The problem is – everyone should be concerned about cybercrime,” said Collard. “All it takes is for one person to introduce a virus to a system or open up a doorway or lose their passwords and the entire organisation is put at risk. Training has never been more important, especially when there is a clear trend around people feeling like they do not know enough about cybercrime to protect themselves or feel like they do not understand what they need to do to stay informed about the risks.”
This is reflected in the biggest concerns raised by those who were worried about cybercrime, with respondents citing online fraud (51%), identity theft (24%), children and family (14%), lack of understanding (10%) and other concerns (1%) as their primary worries. While over half said that they had received cybersecurity training from their employers, only 21% agreed that the training was adequate, while 10% felt it was not adequate at all.
It is worth noting that many people still were not entirely sure what their roles and responsibilities were around information security (11%) and 45% said that they ‘somewhat agree’ that they could recognise a security incident. Only 34% of people said they felt ‘very confident’ that they could recognise a security incident if they saw one.
Most respondents are hesitant to give away personal information, with 29% saying they tended not to share personal details such as their identity number while 51% said they would share this information only if there was a real need to do so and they understood what it was being used for. Some (13%) part with personal information if they cannot avoid it. Worryingly, 7% are comfortable sharing personal information, with 4% saying they are likely to do so if they can get something in return – such as a discount, and 3% saying they share personal information all the time.
“Then, we look at issues like cyberhygiene and discover that only 43% of respondents could identify what ransomware was, and only 61% could identify a strong password,” Collard said. “A worrying 20% selected P@$$word!, 25% selected thisismysuperwonkyapp#1, 16% chose Summer#123 and 3% chose Grandma1959. Some (6%) said none of these were strong passwords. Only the 62% who chose DSM@8043&! were correct.”
Digging deeper into how well people understand security, the survey asked people to define 2FA. A total of 60% said it was ‘using my password plus something I own, such as a One Time Password generator’. However, 20% said it was ‘entering my password twice for extra security’, 8% said it was Captcha generators, 9% said it was using two different passwords and 4% said it was using a password manager.
Only 17% say none of the common cybercrime tactics have affected them. More than half (51%) said they had previously had a virus infection on their computer, 32% had lost money due to a scam or con artist, 26% had clicked on a phishing mail, 21% had been scammed from a phone call and 17% had forwarded a scam or hoax email.
When checking to determine whether an email is legitimate, 55% said they only trusted emails from people they knew, 54% do not click on links or open attachments they were not expecting and 27% checked for bad grammar or spelling as a sign the mail is not legitimate. A total of 31% Google the sender or topic to see if it is a scam, 23% hover over links to see their origin and 11% do all the listed checks.
Add to this the risks of working from home – 32% said they had moved to work from home and among the 20% who were affected by cybercrime while working from home, a multitude of scams and cybercrimes occurred. These scams ranged from being tricked into crypto investment schemes and identity theft to accidentally downloading viruses and being hacked.
“The entire landscape is a challenge and the only way to thrive within this complexity is to arm your people with the tools and understanding they need to protect themselves,” concludes Collard.