That's one of the biggest takeaways from the 2019 KnowBe4 African Cyber Security Report which surveyed over 800 respondents across SA, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana.

KnowBe4 is an integrated security awareness training and simulated phishing platform.

According to the report, 65% of respondents across all eight countries are concerned about cyber crime. However, KnowBe4 says they are vulnerable, as they are not aware of what they don't know.

"From ransomware to phishing to malware and credential theft, users are not protecting themselves adequately because they mistakenly think they're informed, ready and prepared. Around 55% believe that they would recognise a security incident if they saw one," says KnowBe4.

"The results proved that respondents' confidence was based on the little they knew about cyber attacks and it is where the problem lies. Africans are not prepared for these threats, making them increasingly easy preys to cyber-criminals," says Anna Collard, MD of KnowBe4 Africa.

"Many criminals consider Africa a safe haven for their illegal operations, as many African governments need to attend to other pressing issues such as fighting poverty, unstable politics, violent crime and large youth unemployment and still regard cyber security as a luxury, not a necessity."

The report says in many organisations, cyber security budgets are reported to be less than 1% of overall spend or are non-existent.

Skills shortage

Africa also faces the problem of a serious skill shortage of security professionals as well as a lack of awareness and skills among the general user population to protect them online.

Collard adds that many African Internet users are connecting to the Internet for the first time and "with the sharp increase in the next few years, you are looking at millions of people connecting without understanding the risks".

Another reason why Arica is attractive to cyber criminals is the lack of legislation and law enforcement.

According to a report by the African Union, only about 20% of African states have basic legal frameworks to deal with cyber crime.

Kenya, SA and Mauritius are probably the most advanced in this regard and Nigeria is coming up fast, says KnowBe4.

The survey found that even though nearly half of respondents across all eight countries felt that their organisations had trained them adequately, a quarter of them didn't know what ransomware was.

For South Africans, a worrying 31% thought that a cyber threat that encrypts files and demands payments was a Trojan virus and 27% of Kenyans agreed. More than 50% of respondents are not aware of what multi-factor authentication is or the benefit thereof.

E-mail trust

E-mail security is one of the biggest threats facing the average user, both at work and at home, and it is one of the most common communication methods – more than 70% of those surveyed use e-mail to collaborate with friends and colleagues.

"Most people don't realise what a risky e-mail looks like or how their actions can result in their systems becoming infected," the report says.

"While more than half of respondents in Botswana, Egypt, Kenya, Ghana, Morocco and Mauritius have enough security smarts to avoid clicking on links or opening attachments they don't expect, 46% still trusted e-mails from people they knew," it notes.

In SA, more than half of respondents (52%) trust e-mails from people they know, while 50% don't open attachments they have not expected.

"E-mail remains one of the most successful forms of cyber attack today for this very reason," says the report.

"People are quick to click on links or attachments sent to them from people who they know, not realising that cyber criminals have potentially hacked or spoofed (impersonated) their friend's, colleague's or suppliers' systems to spread malware, or launch other forms of attacks."

It explains that cyber criminals can easily mimic contact lists or use e-mail addresses that look as if they've come from trusted institutions, and a simple click can unleash a ransomware attack that can hold an entire company, government or home hostage.