Merry Cybercrime Season
Readers of this Newsletter will be familiar with EFSA’s concerns over cybercrime in South Africa and on the Continent. We have pointed out that the majority of people living on the African Continent are not prepared for cyber-attacks. The 2019 KnowBe4 African Cyber Security Report surveyed over 800 respondents in SA, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana and found that although 65% of respondents were concerned about cyber-crime and 55% believed that they would recognise a security incident, most remained vulnerable, with little knowledge about the forms cyber-crime takes. The report points out that many organisations have tiny or non-existent cybersecurity budgets. Africa faces the problem of a serious skill-shortage of security professionals as well as a lack of awareness and skills among the general user population to protect them online. As this Newsletter has reported frequently, Africa is also attractive to cybercriminals because of the lack of legislation and law enforcement. A report by the African Union shows that only about 20% of African states have basic legal frameworks to deal with cyber-crime. Kenya and Mauritius are probably the most advanced. Nigeria is coming up fast. SA’s law remains at Parliament as we reported last month.
The survey found that even though 50% of respondents across all 8 countries felt that their organisations had trained them adequately, 25% did not know what ransomware was. For South Africa, 31% thought that a cyber threat that encrypts files and demands payments was a Trojan virus. More than 50% of respondents are not aware of what multi-factor authentication is or of its benefits. Many respondents did not recognise the dangers of opening attachments to emails without verifying the source.
Old fashioned spam also remains an issue – being a mobile phone user in Ethiopia comes at the risk of receiving nearly 120 spam texts per month—the highest rate globally. SA and Kenya also rank in the top 3 for countries where users receive the most spam texts across the world, according to Truecaller, the Stockholm-based caller identification app. In total, African countries make up 9 of the top 20 ranked countries for spam texts received. The rankings are based on data on spam texts received by users between Jan. 1, 2019 and Oct. 30, 2019. Users in Nigeria, Africa’s largest mobile market, receive around 65 spam texts monthly despite a regulatory clampdown in 2016 allowing users to activate “do not disturb” features to block spam texts. But, as Quartz Africa reported, a key flaw in the regulation allowed telecoms operators, who are major spammers themselves, to claim that they are exempted.
Meanwhile, in the USA it has been noted that smart home companies risk security lapses if they rely on end-users to enact security measures. Amazon’s Ring gives users the option to use two-factor security authentication on Ring products — which include video doorbells, security systems, security cameras, and smart lighting products — but it does not require them to do so. The recent spate of security breaches illustrates the dangers of relying on end-users to choose between convenience and security; smart home companies, in particular, should not assume that end users are informed enough to accurately assess the security risks inherent to their devices. Amazon denies any hacking of its system but concedes that two-step authentication could be inconvenient as it adds an extra step to accessing a device, which is why it does not mandate the use of the security feature. Moral of this story – being lazy about security does not pay!
Become a member
Join the Ecommerce Forum South Africa and benefit from industry insights in South Africa and Africa.
Sign up to newsletter
Sign up to our newsletter and stay informed of the progress we are making at the Ecommerce Forum South Africa with government during Coronavirus.