WhatsApp is the most used app across both personal and business use cases, survey finds as need for cyber security intensifies

Supplied image.

Supplied image.

Published Feb 28, 2023

Share

Johannesburg - The digital landscape is overflowing with an ever-evolving array of solutions and services created to make lives easier, offices smoother and engagements richer.

This includes smartphones, applications, social media, artificial intelligence (AI) platforms and multiple other tools that have all become part of daily life in Africa, transforming how people connect, collaborate and engage.

But these technological advancements have also opened up cyber windows that allow attacks and the threats that compromise organisations and individuals, SVP Content Strategy & Evangelist at KnowBe4 Africa, Anna Collard said.

“It has become critical for organisations to invest in training and awareness programmes that help them to identify criminal tactics and mitigate risk.”

Collard said their poll to assess cyber security awareness in Africa showed that some of the key issues currently facing organisations were awareness and understanding.

“Many people still feel safe online and believe that cybercrime will not affect them personally. Others expect their work to take care of their cyber safety or do not know how to mitigate the threats themselves.”

The KnowBe4 Cybersecurity in Africa survey polled 800 employees across multiple sectors in Mauritius, Botswana, Egypt and Ghana to assess their cybersecurity awareness.

The survey focused on their levels of connectivity, the digital devices and platforms used, their perceptions of cyber security, the ways in which they work and their understanding of the threats.

Of those surveyed, 97% use a smartphone, 74% use a laptop, 47% have a smart TV, 31% use a tablet, 17% have a gaming console, 8% use a feature phone and less than 1% had none of these devices.

When asked what applications they use for work, the most prevalent was WhatsApp (89%), followed by email (80%), Facebook (59%), Telegram (46%), Instagram (45%), Twitter (42%), Zoom (42%), LinkedIn (36%), Microsoft Teams (18%), Snapchat (18%), Slack (5%), WeChat (4%), Signal (4%) or other tools (1%).

On the personal front, the picture remains largely unchanged with Facebook ranking second (78%), followed by Instagram (57%), email (46%), Telegram (40%), Twitter (39%), Snapchat (25%), LinkedIn (14%), Zoom (11%), Signal (3%), Microsoft Teams (2%) and other tools (1%).

“WhatsApp is the most used app across both personal (98%) and business use cases,” said Collard.

“While email remains the most popular form of business communication on the continent, it is still immensely popular for personal use. Both platforms are high-risk for cyber threats such as phishing, ransomware and fraud, so these should be a priority for organisations looking to drive awareness and training.”

Collard added that connectivity was also a key concern, as it often introduced vulnerabilities into both professional and personal networks and devices.

This is as the survey found that 71% access the internet through their mobile networks, overlapping with the 71% who access the internet through home Wi-Fi, and 36% who go online through work/office networks, while 12% access the internet at internet cafes, and 15% use free Wi-Fi at public places.

“The question is – do people understand the risks associated with accessing the internet in public places and are they putting the right security protocols in place?” asks Collard. “Often, people do not even know that they can be hacked while they access free Wi-Fi, or that they can have critical information, like passwords, stolen while they are online.”

Collard added that this concern is reflected in the research around cybercrime awareness. “On a scale of one to five, most said that they were concerned with cybercrime, with 29% saying they were ‘very concerned’ and 38% saying they were ‘concerned’.”

“However, 19% said that they were ‘somewhat concerned’ but that they did not understand the threats or how to mitigate them while 7% said that they did not believe it affected them personally because their work took care of it and 7% felt safe and ‘not at all concerned’.”

Collard stressed that everyone should be concerned about cybercrime.

“All it takes is for one person to introduce a virus to a system or open up a doorway or lose their passwords, and the entire organisation is put at risk.”

Collard believes that training has never been more important, particularly “when there is a clear trend around people feeling like they do not know enough about cybercrime to protect themselves or feel like they do not understand what they need to do to stay informed about the risks.”

Collard added that this was reflected in the biggest concerns raised by those who were worried about cybercrime, with respondents citing online fraud (51%), identity theft (24%), children and family (14%), lack of understanding (10%) and other concerns (1%) as their primary worries.

While over half said that they had received cybersecurity training from their employers, only 21% agreed that the training was adequate, while 10% felt it was not adequate at all.

“And it is worth noting that many people still were not entirely sure what their roles and responsibilities were around information security (11%), and 45% said that they ‘somewhat agree’ that they could recognise a security incident. Only 34% of people said they felt ‘very confident’ that they could recognise a security incident if they saw one.”

Meanwhile, most survey respondents were hesitant to give away personal information, with 29% saying they tended not to share personal details such as their identity number, and 51% saying they would share this information only if there was a real need to do so, and they understood what it was being used for. 13% part with personal information if they cannot avoid it.

“Worryingly, 7% are comfortable sharing personal information, with 4% saying they are likely to do so if they can get something in return – such as a discount, and 3% saying they share personal information all the time.”

“Then, we look at issues like cyber hygiene and discover that only 43% of respondents could identify what ransomware was, and only 61% could identify a strong password,” said Collard. “A worrying 20% selected P@$$word!, 25% selected thisismysuperwonkyapp#1, 16% chose Summer#123 and 3% chose Grandma1959. 6% said none of these were strong passwords. Only the 62% who chose DSM@8043&! were correct.”

Digging deeper into how well people understand security, the survey asked people to define two-factor authentication, and 60% said it was ‘using my password plus something I own, such as a One Time Password generator,’ Collard said.

However, 20% said it was ‘Entering my password twice for extra security’, 8% said it was Captcha generators, 9% said it was using two different passwords and 4% said it was using a password manager. Only 17% say none of the common cybercrime tactics had affected them. More than half (51%) said they had previously had a virus infection on their computer, 32% had lost money due to a scam or con artist, 26% had clicked on a phishing mail, 21% had been scammed from a phone call and 17% had forwarded a scam or hoax email.

When checking to determine whether an email is legitimate, Collard explained that, “55% said they only trusted emails from people they knew, 54% do not click on links or open attachments they were not expecting, and 27% check for bad grammar or spelling as a sign the mail is not legitimate. 31% Google the sender or topic to see if it is a scam, 23% hover over links to see their origin, and 11% do all the listed checks.”

Meanwhile, 32% said they had moved to work from home and among the 20% who were affected by cybercrime while working from home, a multitude of scams and cyber crimes had occurred.

Collard explained that these scams ranged from being tricked into crypto investment schemes and identity theft, through to accidentally downloading viruses and being hacked.

“The entire landscape is a challenge and the only way to thrive within this complexity is to arm your people with the tools and understanding they need to protect themselves,” said Collard.

“Training is the only way to ensure that all the protections and security investments made by the business are fully realised by those who use them. If people understand the threats, their role in mitigating the threats, and what to do to protect against them, they are empowered and more able to overcome the challenging landscape that lies ahead.”

The Saturday Star