In 2021, KnowBe4, Lynchbein And ITWeb It conducted surveys across Nigeria, South Africa, and Kenya to reveal how remote working has affected the security model of organizations. The survey found that a large percentage of companies will likely continue to benefit from remote work.
At the time of writing, 57% of organizations in South Africa, 29% in Kenya and 32% in Nigeria will continue to work remotely on a flexible basis. Anna Collard, SVP of Content Strategy and Evangelist for KnowBe4 Africa notes that remote work may have become an invaluable tool for an organization, but it comes with a security caveat – people must be properly trained to recognize the risks inherent in online interactions.
“One of the immediate defenses against cybercrime is an employee who is well trained and understands how to detect and report cyber threats,” she adds. “People should know what a social engineering attack looks like, and why they shouldn’t click links or open attachments. While many survey respondents believed that their remote workers had received sufficient training to resist social engineering attacks, a large percentage were unsure how they would respond its personnel to the security threat. This indicates an urgent need for security training.”
People are the problem and the solution. On the one hand, they are the human firewall that can stand up against threats and play a huge role in mitigating security risks. On the other hand, it could be a vulnerability that bypasses complex and costly security by simply clicking on a link, or succumbing to a phishing attempt. Companies focusing on hybrid or remote frameworks in the future should put training at the forefront of their policies and planning. Ultimately, the breach could cost them money and their reputation – particularly now, in an era of strict protections for personal information legislation – and bad user behavior is a major cause of security incidents across the three countries. While the number of security incidents faced by companies overall decreased in 2021, those hit by phishing, social engineering, ransomware, and malware. Unintended data leaks ranked third in South Africa alongside credential theft, while Kenya was battling phishing and ransomware. Nigeria’s biggest problems were social engineering and phishing.
“Businesses across Nigeria, Kenya and South Africa have also struggled with unsecured home Wi-Fi and people sharing their business devices with family and friends,” Collard says. The pandemic has thrown everyone to its deep end in 2020, and they all spent 2021 learning to swim. Now, in 2022, it is time to redefine and reshape the way the organization manages security and remote work as effectively and dynamically as possible.”
This means that companies need to improve security awareness processes as well as provide training and education. The first step is to invest in strong security policies that identify risks, and teach users how to report and act when facing a potential cyber attack. The simpler and more straightforward these processes and tools are, the more likely people are to play their part. While the report finds that most companies put a lot of time and effort into reinforcing security walls, many don’t prioritize them as much as they should – often slashing security budgets and leaving IT teams with limited resources.
Collard concludes, “The reality is that cybersecurity is an ever-evolving landscape with which organizations are expected to evolve.” “With remote work gaining traction and stability, cybercriminals will exploit every vulnerability they can find – from a poorly secured home network to a poorly trained employee. This is the perfect time to establish a security culture within the company and prioritize its value and relevance.”