Social engineering still SA’s number one cyber security risk
Despite fast-evolving cyber security attack methods and drivers, social engineering remains the easiest way for attackers to breach organisations’ networks.
This is according to Anna Collard, SVP Content Strategy and Evangelist Africa at KnowBe4, who was speaking ahead of the first KnowBe4 KB4-CON cyber security event for EMEA.
“Verizon’s 2021 Data Breach Investigations Report shows that social engineering attacks continue to be the top threat action used in successful breaches (at 30% of attacks), with basic web application attacks not far behind,” she says. “Eighty-five percent of breaches involved a human element, with stealing user credentials the most favoured technique of cyber criminals.”
These findings are echoed in South Africa, where the human element is by far the weakest link in cyber security, she says. “A survey carried out by KnowBe4 in partnership with ITWeb found that in the new remote work environment, user behaviour was ranked as the top security risk for organisations, with 61% of those who experienced a security incident recently having fallen victim to phishing or social engineering attacks.”
KnowBe4’s 2020 African Cybersecurity Research Whitepaper shows that the picture is equally worrying across Africa, where 48% of people report that they are concerned about cyber crime, but 52% don’t know what ransomware is.
Collard says some sectors are more susceptible to phishing attacks than others, with KnowBe4’s annual benchmarking study revealing that among smaller organisations, healthcare and pharmaceuticals is the most ‘phish-prone’ sector, followed by education. Among large organisations, the energy and utilities sector is most phish-prone, followed by insurance and banking.
“These are all digitally advanced sectors where user awareness should be high, yet humans remain the weakest link,” says Collard. “The disruptions caused by the COVID-19 pandemic and the move to work from home may have exacerbated the problem of human error and susceptibility to attack, but our research findings indicate that now more than ever, vulnerability testing and strategic training is crucial to mitigate risk.”
KnowBe4 says its data shows that the phish-prone percentages of African organisations align with international averages.
KnowBe4 notes that Africa’s future economic growth, productivity and prosperity all depend on its ability to adapt to an increasingly digital and technologically advanced world, a fact that has been further illuminated by the COVID-19 pandemic.
To help organisations across Africa stay abreast of changing cyber threats and learn to mitigate the risk of phishing attacks, KnowBe4 is set to bring its annual flagship cyber security event, KB4-CON, to EMEA. This free event for CISOs, infosec practitioners, customers and channel partners will uncover emerging cyber security trends, top cyber security strategies and new products.
Among the highlights of this engaging event will be keynotes from two of the most well-known figures in cyber security. Mikko Hyppönen, international cyber security expert and Chief Research Officer at F-Secure, will outline how our global networks are being threatened by surveillance and crime; and the world-renowned former hacker and security expert Kevin Mitnick will reveal social engineering tricks of the trade and wow attendees with a live hacking demonstration.
KB4-CON EMEA is a free, virtual, single-day event to be held on Thursday, 23 September.