A survey of 139 companies in South Africa, Zambia, and Kenya showed that 62% of companies blamed remote working for the surge in cybersecurity threats.
According to Liquid C2 Cyber Security’s “The Evolving Cyber Security Landscape in Africa 2022” report
The top method of attack used by cybercriminals targeting companies was through email, using Phishing or Spam attacks (61%), with attacks through compromised passwords following at 48% and data breaches and attacks (44%) being the second and third most common. “One of the primary threats cited by decision-makers around remote and hybrid working was authorised use – the concern that the person accessing the device or the company resources is not a family member or someone misusing company owned resources. There are concerns around managing this challenge alongside malicious code from harmful websites and lost or stolen devices,” the report said.
According to the report, from ensuring the protection of one environment for hundreds of employees in the office, they are now tasked with protecting hundreds of environments scattered across different countries, geographies, time zones and regions.
To further alleviate the problem, the continent does not have the requisite cybersecurity skill pool to deal with the surge in threats. The report estimates that there are only 7,000 certified cybersecurity professionals, or one for every 177,000 people on the continent.
“The biggest concern emerging from this report is that companies are saying that they’ve put a lot more cyber security controls in place. With threats evolving faster than security systems, companies cannot afford to get complacent,” says David Behr, CEO of Liquid C2. “The report highlights that businesses must be consistently vigilant about the ever-evolving cybercrime landscape and the methods malicious actors use to breach cyber security measures. As the report shows, complacency is a luxury no one can afford.”
According to INTERPOL’s 2022 Africa Cyberthreat Assessment report [pdf], South Africa leads the continent in the number of identified cybersecurity threats, with 230 million total threat detections. In second place was Kenya with 72 million.