In 2021, KnowBe4 (www.KnowBe4.com), Lynchpin and ITWeb conducted surveys (https://bit.ly/3qBLiml) across Nigeria, South Africa and Kenya to unpack how remote working was influencing the security paradigm for organisations. The survey found that a significant percentage of companies will very likely continue leveraging remote working. At the time of writing the report, 57% of organizations in South Africa, 29% in Kenya and 32% in Nigeria will continue with remote working on a flexible basis, As Anna Collard, SVP of Content Strategy and Evangelist for KnowBe4 Africa points out, remote working may have become an invaluable tool for the organisation, but it comes with a security caveat – people have to be properly trained to recognise the risks inherent in online interactions.
“One of the immediate defences against cybercrime is an employee that has been well-trained and understands how to spot and report cyber threats,” she adds. “People should know what a social engineering attack looks like, and why they should not click on links or open attachments. While many respondents in the survey believed that their remote workers were adequately trained to withstand social engineering attacks, a significant percentage was unsure as to how well their people would react to a security threat. And this points to an urgent need for security training.”
People are both the problem and the solution. On one hand, they are the human firewall that can stand against the threats and play a huge role in mitigating security risks. On the other, they can be the vulnerability that bypasses the complex and expensive security by simply clicking on a link, or succumbing to a phishing attempt. Companies that are focusing on hybrid or remote working frameworks going forward will have to put training at the forefront of their policies and planning. Ultimately, a breach could cost them financially and reputationally – particularly now, in the era of rigorous protection of personal information legislation – and poor user behaviour is a leading cause of security incidents across the three countries. While the number of security incidents experienced by companies overall dropped in 2021, those attacks that got through used phishing, social engineering, ransomware and malware. Unintentional data leaks sat in the third position in South Africa alongside credential theft, while Kenya battled with phishing and ransomware. Nigeria’s biggest problems were social engineering and phishing.
“Companies across Nigeria, Kenya and South Africa have also struggled with insecure home Wi-Fi networks and people sharing their corporate devices with family and friends,” says Collard. “The pandemic threw everyone in the deep end in 2020, and they all spent 2021 learning how to swim. Now, in 2022, it is time to redefine and reshape how the organisation manages security and remote working as effectively and dynamically as possible.”
This means that companies need to refine their security awareness processes alongside providing training and education. The first step is to invest in robust security policies that outline the risks, and that inform users how to report and act when faced with a potential cyberattack. The simpler and more straight forward those processes and tools are, the higher the probability that people will play their part. While the report found that most companies have put a lot of time and effort into shoring up the security walls, many do not prioritise it as much as they should – often cutting security budgets and leaving IT teams with limited resources.
“The reality is that cybersecurity is a constantly evolving landscape that expects organisations to evolve along with it,” concludes Collard. “As remote working gains traction and stability, cybercriminals are going to exploit every weakness they can find – from a poorly secured home network to a badly trained employee. This is the perfect time to establish a security culture within the business and prioritise its value and importance.”
Go here for a copy of the full report. https://bit.ly/3qBLimlDistributed by APO Group on behalf of KnowBe4.
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.