By Cynthia Ezekwe.
KnowBe4, a simulated phishing and integrated security awareness training platform, has disclosed that the human factor is a vital key in the fight against phishing attacks and social engineering scams in Africa, saying one in three corporate employees on the continent is vulnerable to the crimes.
The integrated platform for phishing awareness stated this in its 2023 Phishing by Industry Benchmarking Report for Africa, which measures organisations’ phish-prone percentage”(PPP).
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters, while Phish-prone percentage indicates the number of employees in an organisation that are likely to fall for phishing or a social engineering scam.
KnowBe4’s report is based on data from over 12.5 million users across 35,681 organisations in 19 industries, and includes the results of over 32.1 million simulated phishing security tests.
The phishing report details international phishing benchmarks from North America, the United Kingdom and Ireland, Europe, Africa, South America, Asia, Australia and New Zealand.
According to the report, in Africa, 412 organisations from South Africa, Kenya, Nigeria and Botswana participated in the phishing simulation tests, with a total of 337,937 emails sent.
It noted that 58 per cent, comprising the majority of the organisations surveyed, were small sized organisations with one to 249 employees, followed by 26 per cent of medium sized organisations comprising 250-999 employees, while 16 per cent of organisations surveyed were large sized organisations with 1000+ employees.
The security awareness training firm, says African business users had a lower baseline PPP than many other regions, an indication that they were less likely to fall for phishing attacks before training.However, their improvement after 90 days of training was lower than in other regions.
The company noted that after a year of ongoing training, African users achieved a 79.8 per cent improvement in their PPP, showing the effectiveness of consistent security awareness education, the company said.
Anna Collard, senior vice president of content strategy for KnowBe4 Africa, said, “The report underscores the fact that while technology plays an important role in preventing and recovering from an attack, organisations cannot afford to ignore the human factor. The root cause of most data breaches can be traced to the human factor.”
The report shows that without security training 33.2 percent of employees across all regions and industries are likely to fall for phishing attacks or fraudulent requests.
