Cyber-attack threats – the risk of not knowing what you don’t know

The KnowBe4 African Report on cyber-attacks in African countries such as South Africa, Kenya, Ghana, Morocco and more really does uncover some interesting statistics. The survey, which was carried out in 2019, tells us the following:

  • The majority of people in the country are worried about cybercrime;
  • A quarter of the respondents had no idea what ransomware is;
  • Over 50% of respondents didn’t know what multi-factor authentication is;
  • 57% of South Africans understand the risk of cybercrime but will still willingly provide their personal information if they think they know what it is being used for;
  • Most people feel that they would be able to detect a scam if faced by one, yet 50% of South African respondents reported having a PC infection or falling victim to a scam;
  • South Africans misunderstand what ransomware is, thinking that a virus that encrypts files and requires a ransom to decrypt them is called a “Trojan virus”;

Just these few findings paint a very bleak picture for the future of cybercrime in South Africa. Well, for the cybercriminals targeting South Africans it’s good news. For South Africa in general, it is quite the opposite.

The Most Valuable Finding from the KnowBe4 African Report

The report uncovered some valuable information for the surveying company and the respondents. It came out that email security is the biggest cyber-attack threat, mostly because users of email aren’t familiar with risks or don’t recognise them when they arrive in the inbox. There’s a lack of understanding surrounding malware, ransomware, phishing emails, and what the actual risk of sharing personal information is.

Cybercrime is particularly lucrative for cybercriminals as a result of the natural impulsive behaviour of individuals who will click on links and open attachments without first checking the source. Especially if they think they know the sender of the email. Something that most email users don’t know is that Cybercriminals can hack contact lists and send emails that appear to be from someone else.

The Misconception

A few years ago, a phishing email was usually easy to detect by its poorly written content and bad spelling. There are some that still believe that this is the format of a phishing email when in reality, cybercriminals have upped their game. Nowadays, it is extremely difficult to tell a phishing email apart from a legitimate email.

The Real Problem

The real problem is undeniable…human error.

Humans are not always fully aware of the impact of cybercrime on a business, a person, and finances. As humans, we tend to only realise the seriousness of the situation once we have fallen prey to it. And even then, we forget all too quickly. In business environments, employees seem to be far more careless with emails and attachments than they would be with their own private mail or their own business.

One of the biggest mistakes that people make is using free Wi-Fi hotspots for sensitive online activities. If you are going to do online banking or enter your email and social media passwords online, it’s best to do that at home or while using your mobile service provider’s data network. The moment you carry out these activities while using a free Wi-Fi hotspot, you put yourself and all the data on your device at risk. Cybercriminals are quite well known to use public Wi-Fi hotspots to trick users into connecting to their network which of course, ends up being malicious.

What is the Solution?

It is essential to ensure that all sensitive data is stored in the cloud rather than on a vulnerable device or storage disc. You should also ensure that all of your staff receive cybersecurity awareness training. This might sound like a huge cost and a waste of productive time, but it’s not. The more you talk about the importance of keeping your data secure, about acting responsibly with business devices, and being aware of possible risks and threats, the more you are preparing your workforce for possible attacks. You stand more chance of a big data breach problem being thwarted instead of spurring it on with naivety.

Last Word

While most people scroll through their inbox several times a day, few take the time to consider that an opportunistic criminal might be trying to con them. An attitude of awareness and cautiousness is essential in today’s cybercrime-rife environment.

Had a recent email cybercrime-related incident? Tell us about it!