Phishing still a top cyber security risk in Africa: study
Kenyans (75%) and South Africans (74%) are among the African countries most concerned about the risk of cyber crime, according to new research released by KnowBe4.
The study, which sampled eight economic power houses in the region including Kenya, South Africa Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana, found that the continent is ill prepared to deal with cyber crime.
The study found that at least 65% of Internet users in Africa are concerned about cyber crime, but that the majority still fall victim to phishing emails and malware infections.
Kenyans (75%) and South Africans (74%) were the most concerned about the risk of cyber crime and yet respondents were comfortable giving away their personal information as long as they understood what it was being used for, the study revealed.
According to the survey, 53% of Africans surveyed think that trusting emails from people they know is good enough; 28% have fallen for a phishing email and 50 per cent have had a malware infection.
64% don’t know what ransomware is and yet believe they can easily identify a security threat; 52% don’t know what multi-factor authentication is.
“They are vulnerable, as they’re not aware of what they don’t know. From ransomware to phishing to malware and credential theft, users are not protecting themselves adequately because they mistakenly think they’re informed, ready and prepared. Around 55% believe that they would recognise a security incident if they saw one.
Email remains one of the most successful forms of cyber attack, the report says. People are quick to click on links or attachments sent to them from people who they know, not realising that cyber criminals have potentially hacked or spoofed (impersonated) their friend’s, colleague’s or suppliers’ systems to spread malware, or launch other forms of attacks. Cyber criminals can easily mimic contact lists or use email addresses that look as if they’ve come from trusted institutions, and a simple click can unleash a ransomware attack that can hold an entire company, government or home hostage.
"It’s a worrying trend – many phishing scams will use any means necessary to tease out valuable nuggets of personal information and phone calls or emails from so-called ‘trusted sources’ are among the most common methods used," the report said in part.
A significant percentage have had a PC infection, and more than a quarter had fallen for a scam. In Kenya, Ghana and Egypt, 67% of respondents had their PCs infected while those affected in South Africa stands at 50%.
The survey found that more than 90% of respondents used a smartphone and more than 70% used a laptop computer to connect to the internet, using either data from their mobile network (more than 80%) or through their home network. However, more than a quarter of respondents connected their devices to the internet using a free Wi-Fi connection in a public space. This is risky, as cyber criminals make use of public places to trick people into connecting to their malicious hotspot in order to connect to the person’s machine or to steal their information.
Using stolen credentials was the third most common attack vector used in successful breaches and applying multi-factor authentication, which is combining your password with something that you own, such as a One-Time-Password app on your phone, which reduces this risk significantly.
Training in cybersecurity threats, methodologies, entry points and vulnerabilities has become critical for the organization, the report said.