Phishing tops major cyber threats to business during COVID-19 pandemic

Phishing ranks top among the global threat to businesses during the COVID-19 period.

The 2020 Security Culture Report released by KnowBe4 and CLTRe collected data from more than 120,000 employees across 24 countries to find out exactly how deeply security was embedded into the company culture. Or not. South Africa, Kenya, Botswana, Namibia, Zimbabwe, USA, UK, New Zealand, Norway, and India were some of the countries included in the survey. The industries included Banking, Financial Services, Insurance, Education, Transport, and Energy and Utilities.

“Asia has the highest security culture score, followed by the United Kingdom,” says Anna Collard, SVP of Content Strategy and Evangelist, KnowBe4 Africa. “The continent of Africa is on par with North America, Australia, and New Zealand at 73 and leading ahead of Europe at 69.

A higher score could be because Africa has leapfrogged legacy issues that plague some of the security environments in Europe. It may also be explained by the fact that about 90 per cent of the African participants are from South African financial institutions. South Africa is a country where security and risk behavior is ingrained in people’s daily lives and the Financial Services sector is ahead of other sectors when it comes to digital security attitudes and behaviours.

“While Africa is not quite as compliant as the USA overall, our results show a more positive attitude, norms, and behaviour towards securing information. However, where Africa – and the rest of the world – is struggling is in Education. This sector scored particularly badly with Communication policies, Attitudes, and Cognition, which is linked to learning. It’s an area that we have to become aware of, as it puts students and educators at risk.”

The recent shift in the world has caused many education institutions to find new footing online and this has made an already shaky sector even more vulnerable.

The report emphasizes how students and teachers have become even more reliant on technology and need better security protocols and foundations in order to stay secure.

This is a wake-up call for education, globally, not just in Africa. It is equally one that should be heard by the Transportation and Energy and Utilities sectors.

They too scored very low on the table compared with banking, finance, and insurance – all industries that scored better in comparison to the low performers. However, they shouldn’t be too quick to congratulate themselves. For instance, a score of 76, as seen by Banking and by Financial Services, is well below the expected level of 90 or above.

“The question that the report raises is – how can the organisation embed secure employee behavior to minimize the risk and maximize protection?” asks Collard. “The answer is that security has to be management’s responsibility and needs to remain an ongoing priority. A few emails and posters about password hygiene aren’t going to cut it when a phishing email or ransomware breaks loose. And this can happen with just one accidental click of a mouse.”