Read time: 3 minutes

Africa still too trusting of email communication

By , Portals editor
Africa , 19 Feb 2020

Africa still too trusting of email communication

While 65% of Africans surveyed are concerned about cybercrime, 53% think that trusting emails from people they know is good enough; 28% have fallen for a phishing email and 50% have had a malware infection. Additionally, 64% don't know what ransomware is and yet believe they can easily identify a security threat, and 52% don't know what multi-factor authentication is.

These are some of the key findings from the 2019 KnowBe4 African Report, released by global security awareness training and simulated phishing platform KnowBe4.

The report is based on feedback from respondents across Botswana, Egypt, Ghana, Kenya, Mauritius, Morocco, Nigeria and South Africa.

KnowBe4 said that of all countries surveyed, Kenyans (75%) and South Africans (74%) were the most concerned about the risk of cyber crime and yet respondents were comfortable giving away their personal information as long as they understood what it was being used for (Kenyans 26.59% and South Africans 57%).

"It's a worrying trend – many phishing scams will use any means necessary to tease out valuable nuggets of personal information and phone calls or emails from so-called 'trusted sources' are among the most common methods used," the company stated.

According to KnowBe4, the problem is that most users are not aware of how cyber criminals operate and the tools that they use.

"More than half of respondents across all eight countries felt very confident that they would recognise a security incident or issue if they saw one, but a significant percentage have had a PC infection, and more than a quarter had fallen for a scam. In South Africa, 50% of respondents had their PCs infected, while in Kenya, Ghana and Egypt, this number rose to 67%."

The KnowBe4 survey also found that even though nearly half of respondents across all eight countries felt that their organisations had trained them adequately, a quarter of them didn't know what a ransomware was. For South Africans, a worrying 31.5% thought that a cyber threat that encrypts files and demands payments was a Trojan virus and 26.9% of Kenyans agreed.

Egypt and Morocco thought it was a drive-by download, while Ghana thought it was a botnet.

"More than 50% of respondents are not aware of what multi-factor authentication is or the benefit thereof. Using stolen credentials was the third most common attack vector used in successful breaches and applying multi-factor authentication, which is combining your password with something that you own, such as a One-Time-Password app on your phone, which reduces this risk significantly," the company added.

Email threat

According to the report email security is one of the biggest threats facing the average user – with over 70% of those surveyed using email to collaborate.

KnowBe4 stated: "Most people don't realise what a risky email looks like or how their actions can result in their systems becoming infected. While more than half of respondents in Botswana, Egypt, Kenya, Ghana, Morocco and Mauritius have enough security smarts to avoid clicking on links or opening attachments they don't expect, a startling 46% still trusted emails from people they knew. In South Africa, those statistics are completely turned around – more than half of respondents (52%) trust emails from people they know, while only 49.5% don't open attachments they have not expected."

"Email remains one of the most successful forms of cyber attack today for this very reason. People are quick to click on links or attachments sent to them from people who they know, not realising that cyber criminals have potentially hacked or spoofed (impersonated) their friend's, colleague's or suppliers' systems to spread malware, or launch other forms of attacks."

The company also expressed concern that phishing and social engineering attacks have spread to other communication channels, particularly WhatsApp – and given that the platform is in use over 90% in Africa, this was a serious concern.

"Training in cybersecurity threats, methodologies, entry points and vulnerabilities has become critical for the organisation. This not only helps to minimise the growing risk of human error that's allowing threats to bypass their complex and powerful security systems, but helps to protect their employees," KnowBe4 added.

Cyber security specialists believe businesses should adopt the stance of 'expecting an attack' in order to improve their preparedness and have controls in place to detect and prevent before major damage is caused.

The premise is that it is not enough to have systems in place to detect and notify of attacks, there must be the ability to stop an attack.

Daily newsletter