22 Feb African cybersecurity awareness found to be ‘lacking’ in recent report
A recent report on Africa’s cybersecurity awareness has found the continent’s measures to be ‘lacking’.
The report from leading security awareness platform KnowBe4 has revealed many organisations and individuals in Africa have continuously fallen prey to scams and attacks. The attacks range from social engineering to investment scams that could have easily been avoided with more cybersecurity awareness.
The 2021 cybersecurity and awareness report focused on key metrics around behaviours and how users perceive and react to threats. The report collated insights from 763 respondents across Botswana, Egypt, Ghana, Kenya, Mauritius, Morocco, Nigeria and South Africa.
KnowBe4 asserted that cyberthreats are gaining ground across the continent considering that around 34 percent of respondents have lost money because they fell victim to a scam, while 26 percent have experienced social engineering attacks over the phone.
The report raised concern that over 30 percent of mobile device users do not know what two-factor authentication is, 40 percent are not using a secure password, and 20 percent believe that “P@$$word” was a strong password. Further insights found that 63 percent of people under this category use their mobiles for payments or banking, which could put them at risk due to poor passwords or limited security measures.
Anna Collard, senior vice president, content strategy & evangelist at KnowBe4 Africa, stated that whilst there has been an increase in overall security confidence it’s not being shown in security smarts or risk management. According to Collard, email remains one of the biggest security threats to users.
She said: “Around 10 percent are very likely to share their personal information and 54 percent will trust an email from someone they know, even though 36 percent have fallen for a phishing email and 55 percent have had a malware infection.
“These numbers are up from 2020, and are compounded by the fact that most users believe that they can confidently identify a security incident but only 46 percent could accurately identify ransomware.”
The report also addressed areas to work on in 2022 including education on the rising social engineering threats around emails, social media, chat apps and phone vishing.
Organisations were also advised to train employees around security best practice and managing risk, as well as the main methods used by cybercriminals.