Technological Advancement and Cybersecurity
It is difficult to talk about technological advancement without mentioning cybersecurity. As technology grows so does the need to protect it. Whether you work in an information security firm or you just use gadgets to surf the web, cybersecurity is at the center of your activities.
As the risks associated with modern technology increase, experts and other key tech players have been in the front line in spreading cybersecurity and cybercrime awareness. Notwithstanding, many people are still taking unnecessary risks in one of the continents that face a huge risk regarding cybersecurity.
Hybrid working patterns
The pandemic continues to force us to adopt new working behaviors and routines. In Johannesburg, South Africa a meager 38 percent of workers have returned to the office while 55 percent work from home. KnowBE4 conducted cybersecurity research last year to investigate cyber awareness in the continent. The report indicates that 32 percent of respondents were victims while working from home and 33 percent of the attacks were social engineering. The number of employees concerned about cybercrimes has shot to 72 percent.
The 2021 KnowBE4 African Cyberthreat Report was built towards cybersecurity awareness and behaviors to get a comprehensive picture of Africa’s cybersecurity position and how users perceive the underlying threats.
The report captures data from 763 respondents from South Africa, Botswana, Egypt, Ghana, Kenya, Morocco, Mauritius, and Nigeria. Essentially, the report highlights the existing hiatus in cybersecurity awareness despite the threats brought about by the epidemic and new working frameworks.
“The pandemic remains a central issue for most users when it comes to how they plan to work and live in the future,” says Anna Collard, Senior Vice President Content Strategy & Evangelist KnowBe4 Africa. “This year, nearly 55 percent plan to continue working from home. Respondents are increasingly concerned about the risk of cybercrime at 72%, however, the trend this year has been an increase in overall security confidence, which is not necessarily earned. People think they know more than they do, and this is causing issues.”
Trust Issues in Cybersecurity
Let’s look at the numbers. 10% of online users are highly likely to share their personal information, 54% trust emails from known sources, despite 36% falling for phishing scams and 55% experiencing malware infections. Both phishing scams and malware incidents went up in 2020 as 44% believe they can identify a security incident while 46% think they can detect ransomware.
You might have heard of two-factor authentication or 2FA for short. 2FA is a form of authentication whereby users must provide two forms of identification to gain access. The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina. Well, 30% of the respondents have never heard of 2FA.
The reports show that 40% of the respondents don’t use safe passwords. Surprisingly, 20% believed that P@$$word! was a strong password – and yet 63% use their mobile devices to do payments or banking. They risk falling victims to fraudsters and hackers with such weak passwords and poor security controls.
“Email remains one of the biggest security threats,” says Collard. “People are still very trusting of emails they have received from people they know (54%, up 2% from 2020), even though those email accounts could have been impersonated or hacked. There is a definite need to educate people around the rising social engineering threats around emails, social media, chat apps and the phone (vishing).”
The data shows that people are perturbed by cyber threats and yet they continue to fall victim to cybercrimes. Threats like social engineering and investment scams are increasingly becoming popular. In 2021, 34% were lured to investment scams and 26% encountered social engineering attacks via mobile phones – a clear indication that cybercriminals keep on innovating new ways to launch attacks on unsuspecting users.
“For organizations, it has become critical that they train employees around security best practices and the various methodologies used by the cybercriminal,” concludes Collard. “People need more help in learning about how to stay safe online at home, the office, and on the road. Perhaps the worst mistake is that they believe they are security smart and can identify the risks when they cannot. This is putting both them and their company at risk.”
What needs to be done
Cybersecurity strategies should be majorly geared towards prevention – they say prevention is better than cure. An excellent strategy to deal with the challenge in Africa is cybersecurity awareness. Educating users on cybersecurity threats and the ways of protecting themselves can be a huge step in the right direction.
Once users learn about potential risks and how to avoid them, cases of cyber-attacks will drastically go down. Government organizations should liaise with tech firms and financial institutions to spearhead cybersecurity campaigns.
For instance, businesses can have a cybersecurity newsletter program to frequently update their customers on potential threats and ways of protecting themselves. Banks can inform their customers through text messages on potential mobile banking risks.
Another strategy is enforcing two-factor authentication protocols in sensitive information systems such as mobile payment applications. While 2FA exists in most systems, it is optional in many.
Companies running such systems want to enhance the efficiency of the system by reducing the steps required to access a particular section. I am all in for an intuitive system but it’s vital to balance between user-friendliness and system security. Rejecting 2FA to enhance user experience is like removing locks from your doors – be damn right strangers will get in.
Moreover, companies that fail to protect their users should be held accountable. Accountability in the technology world is quite unspecific. It is common to hear that users must protect themselves from cyber threats – and yet some threats are deeply rooted in companies’ failure to enforce effective security measures. Organizations ought to be held accountable for attacks that result from their negligence.
This is easy in theory, but very complicated in practice because of insufficient legislation to punish such organizations. Ergo, laws are needed to protect users by pushing firms to act accordingly.
Do you think African institutions need to do more to protect users by mitigating cyber threats? Leave a comment below.