Research finds Nigeria, other African countries not prepared for cyber threat

By Samson Echenim

Despite claims of working against cyber attacks by authorities in Nigeria, a recent research has found that Nigerians and citizens of some other countries in Africa are not prepared for cyber attacks.

The 2019 KnowBe4 African Report across South Africa, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana has found that people living on the continent are not prepared for the cyber threat. However, the report says 65 percent of respondents across all eight countries are concerned about cyber crime.

“About 53 percent of Africans surveyed think that trusting emails from people they know is good enough; 28 percent have fallen for a phishing email and 50 percent have had a malware infection; 64 percent don’t know what ransomware is and yet believe they can easily identify a security threat; 52 percent don’t know what multi-factor authentication is,” the report said.

“They are vulnerable, as they’re not aware of what they don’t know. From ransomware to phishing to malware and credential theft, users are not protecting themselves adequately because they mistakenly think they are informed, ready and prepared. Around 55 percent believe that they would recognise a security incident if they saw one,” the report noted.

According to the report, of all the countries surveyed, Kenyans (75 percent) and South Africans (74 percent) were the most concerned about the risk of cyber crime and yet respondents were comfortable giving away their personal information as long as they understood what it was being used for (Kenyans 26.59 percent and South Africans 57 percent). It’s a worrying trend – many phishing scams will use any means necessary to tease out valuable nuggets of personal information and phone calls or emails from so-called ‘trusted sources’ are among the most common methods used.

The report stated, “The problem is that most users are not aware of how cyber criminals operate and the tools that they use. More than half of respondents across all eight countries felt very confident that they would recognise a security incident or issue if they saw one, but a significant percentage have had a PC infection, and more than a quarter had fallen for a scam. In South Africa, 50 percent of respondents had their PCs infected, while in Kenya, Ghana and Egypt, this number rose to 67 percent.”

The KnowBe4 survey found that even though nearly half of respondents across all eight countries felt that their organisations had trained them adequately, a quarter of them didn’t know what a ransomware was. For South Africans, a worrying 31.5 percent thought that a cyberthreat that encrypts files and demands payments was a Trojan virus and 26.9 percent of Kenyans agreed. Egypt and Morocco thought it was a drive-by download, while Ghana thought it was a botnet.

More than 50 percent of respondents are not aware of what multi-factor authentication is or the benefit thereof. Using stolen credentials was the third most common attack vector used in successful breaches and applying multi-factor authentication, which is combining your password with something that you own, such as a One-Time-Password app on your phone, which reduces this risk significantly.

It said email security remained one of the biggest threats facing the average user, both at work and at home, and it is one of the most common communication methods — more than 70 percent of those surveyed use email to collaborate with friends and colleagues.

“Most people don’t realise what a risky email looks like or how their actions can result in their systems becoming infected. While more than half of respondents in Botswana, Egypt, Kenya, Ghana, Morocco and Mauritius have enough security smarts to avoid clicking on links or opening attachments they don’t expect, a startling 46 percent still trusted emails from people they knew. In South Africa, those statistics are completely turned around – more than half of respondents (52 percent) trust emails from people they know, while only 49.5 percent don’t open attachments they have not expected,” the report claimed.

Email remains one of the most successful forms of cyber attack today for this very reason. People are quick to click on links or attachments sent to them from people who they know, not realising that cyber criminals have potentially hacked or spoofed (impersonated) their friend’s, colleague’s or suppliers’ systems to spread malware, or launch other forms of attacks. Cyber criminals can easily mimic contact lists or use email addresses that look as if they’ve come from trusted institutions, and a simple click can unleash a ransomware attack that can hold an entire company, government or home hostage.

According to Verizon’s 2019 Data Breach Report, email phishing is till the number one attack vector used in successful breaches. Closely followed by malware infections and the use of stolen credentials – both of which are attack vectors commonly accomplished via phishing. Phishing and social engineering attacks are not just limited to email – they have spread to other communication channels such as WhatsApp and the phone. With WhatsApp use at more than 90 percent in Africa, this is a serious concern.

“Education is key to ensuring that employees are aware of the risks, understand the threats and make more concerted efforts to protect themselves from infection,” said the report.