Africa is on the radar of the world’s cyber criminals, and with social engineering and phishing among the most common attack vectors, public awareness and training will have to be stepped up to prevent organisations and individuals across the continent from suffering significant losses.
This is according to international security awareness organisation, KnowBe4, that says cybercrime has soared since the start of the pandemic and humans remain the biggest targets in organisational security, but that they can also be the best defence.
Anna Collard, SVP of Content Strategy&Evangelist for KnowBe4 Africa, says phishing, online scams and Business Email Compromise (BEC) have remained among the most common methods for cyber criminals to launch their attacks in the past year, and all of these methods rely on human error and vulnerability.
INTERPOL’s October 2021 African Cyberthreat Assessment (https://bit.ly/3kMItM0) Report quotes research by pan-African IT cybersecurity company, Serianu (https://bit.ly/3nq80Mz), which found that cybercrime reduced GDP within Africa by more than 10%, at a cost of an estimated 4.12 billion USD in 2021.
The INTERPOL report says Africa’s top five cyber threats are online scams that trick individuals into revealing personal or financial information; digital extortion such as sextortion; BEC in which criminals hack into email systems to deceive company employees into transferring money into their bank accounts; Cy-X (Cyber-extortion) such as ransomware in which criminals lock down data or systems to demand money; and the use of Botnets: networks of compromised machines to be used in automating large-scale cyberattacks.
“The incidence of cybercrime has grown along with the development of Africa’s digital economy, and it has increased significantly since the start of the pandemic,” Collard says.
“In South Africa alone, the recent KnowBe4 / ITWeb Ransomware Survey found that 32% of respondents had fallen victim to ransomware, with 48% of those experiencing a significant or very significant impact on their business operations as a result. Nearly one in four (24%) of those who had been attacked said they had incurred over R1 million in damages and costs as a result. The study also found that the top root causes of ransomware gaining a foothold in these environments were social engineering (27%), unpatched software (16%), misconfiguration (11%) and password issues (8%).”
In 2020, the personal details of more than 24,000,000 South Africans and nearly 800,000 businesses were exposed due to cybercrime, and according to the Southern African Fraud Prevention Service (SAFPS), impersonation fraud – otherwise known as identity fraud – increased by an alarming 337% (https://bit.ly/3qKkUHz) in 2020, indicating that the pandemic created new opportunities for fraudsters.
These trends are mirrored in many other reports. According to Transunion (https://bit.ly/3wZlK40), the rate of digital fraud attempts against businesses has risen significantly over pre-pandemic level, while Sophos reports in their “IT Security team: 2021 and beyond” (https://bit.ly/3ckVW9j) report that 58% of South African respondents' organisations experienced an increase in cyberattacks over the course of 2020.
The losses caused as a result of these breaches are staggering. According to a Sophos report (https://bit.ly/3qKv8rm), the average remediation cost of a ransomware attack in South Africa is $447,097 in 2021. IBM Security reports that the latest Ponemon Institute Cost of a Data Breach Report (https://ibm.co/30zaiQC) for South Africa now costs an average of $3.21 million per breach, with the global average having risen to $4.24 million.
Collard says: “The costs of attacks are rising fast – despite the fact the organisations are making cybersecurity a top priority and investing more in security solutions. Clearly, more needs to be done to prevent the root causes of these attacks and prepare organisations and government institutions. More private-public partnerships are needed to work together on combating this threat.
INTERPOL’s regional cybercrime strategy for Africa calls for a robust framework for sharing intelligence and coordinating action to strengthen the law enforcement response across Africa.
Collard agrees. “Silver bullets do not exist in the cybersecurity world. Only through a collaborative effort, sharing knowledge and focusing on the basics such as sound patch management, incident response process and security culture programmes will we be able to curb this increasing threat,” she says.Distributed by APO Group on behalf of KnowBe4.
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.