Anna Collard, the Managing Director of KnowBe4 Africa, a specialist in cybersecurity awareness training, was in Mauritius to present The 2019 KnowBe4 African Cybersecurity Awareness Report with over 800 respondents across eight countries in Africa: South Africa, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana.
The survey revealed the pressing need to educate Africans to the different cyberattacks. The key finding of the report are as follows:
· 53% of Africans surveyed think that trusting emails from people they know is good enough
· 64% didn’t know what ransomware is, yet they believe they can easily identify a security threat
· 28% have fallen for a phishing email and 50% have had a malware infection
· 52% don’t know what multi-factor authentication is
“The results proved that respondents’ confidence was based on the little they knew about cyber-attacks and it is where the problem lies,” said Collard.
“Africans are not prepared for these threats, making them increasingly easy preys to cybercriminals.”
According to Business Insider SA, 525 million Africans were connected to the Internet in June 2019 – representing 40% of Africa’s total population. This number is expected to grow to a billion people by 2022. As connectivity improves, users are faced with increasing cyberattacks. In fact, Africa has been among the fastest growing regions in terms of cybercrime activities.
When it comes more specifically to Mauritius, Anna Collard said: “It is one of the best prepared countries compared to other African countries with a Government prioritising the ICT sector and a vision to transform Mauritius into a Smart island by 2030.
“Mauritius is one of only a handful of countries on the continent with a legal framework in place to combat cybercrime.”
The Global Security Index (GCI) shows that Mauritius is ranked among the top ten most committed countries globally and first in Africa.
In addition, the survey showed a slightly higher awareness from Mauritian respondents when compared to other countries. In fact, more than half of respondents in Botswana, Egypt, Kenya, Ghana, Morocco and Mauritius have enough security smarts to avoid clicking on links or opening attachments they don’t expect.
However, the top five cybercrimes, financial fraud, impersonation scams, business email compromise, extortion attacks and DDOS attacks on critical infrastructure are expected to rise in the coming years.
“What makes Africa different to the rest of the world is that cybercriminals are shifting their attention towards the continent and other emerging economies,” said Collard.
Many criminals consider Africa a safe haven for their illegal operations, as many African governments need to attend to other pressing issues such as fighting poverty, unstable politics, violent crime and large youth unemployment and still regard cybersecurity as a luxury, not a necessity.
In many organisations, cybersecurity budgets are reported to be less than 1% or are non-existent. Africa also faces the problem of a serious skill shortage of security professionals as well as a lack of awareness and skills among the general user population to protect them online. Many African Internet users are connecting to the Internet for the first time and with the sharp increase in the next few years you are looking at millions of people connecting without understanding the risks.
Another reason for why Africa is so attractive to cybercriminals is the lack of legislation and law enforcement. According to a report by the African Union, only about 20% of African states have basic legal frameworks to deal with cybercrime.
Kenya, South Africa and Mauritius are probably the most advanced in this regard and Nigeria is coming up fast.
“We have analysed the phish prone % (meaning user’s susceptibility to phishing) across our 25,000 plus customers and nine million end users around the world at KnowBe4 and results proved that what starts off with a 30% baseline hit rate is lowered by half to 15% in three months and down to only 2% 12 months later, showing a serious and measurable improvement and risk reduction,” added Collard.