Cisco’s Consumer Security Survey gathered insight into how secure South Africans feel online. And, it turns out, they have good reason to be worried.
The recent Cisco survey involved 1006 South African consumers aged 16 and older. It revealed that 74% of the respondents are concerned about their connected devices being hacked, but many are not taking the right precautions to prevent this. For example, 73% frequently send work emails on personal devices, 69% have used public networks for complex work tasks, and 99% share one or more connected devices with others.
The survey reflects a concerning trend where people are worried about online security, but they either don’t know how to stay safe or aren’t willing to take steps to keep themselves safe. Of those surveyed, 37% said they do not use or do not know what multi-factor authentication (MFA) is, while 50% said they rely on advice from family when it comes to their online and device security behaviour. In addition, only 36% of respondents had a very good overview of their connected devices, with younger people having a higher rate of visibility than older people. If devices are not protected by something such as encryption or two-factor authentication, users could face significant risks.
The latest cybercrime statistics reveal that South Africa ranked sixth among the world’s most affected countries. With an estimated 52 victims per 1 million internet users, the level of cybercrime in South Africa is exceptionally high. In 2021, there were an average of 97 victims per hour, while back in 2001, only 6 South Africans per hour fell victim to cybercrime.
Cybercrimes affect all countries, but weak networks and unreliable security make African countries particularly vulnerable. Recent cyberattacks on South Africa have shown how vulnerable the country is to cybercriminals and ransomware assaults, which threaten people, the economy and infrastructures like power plants, hospitals, and financial services. Securing these and other organisations is essential to keeping our society functioning.Conrad Steyn, CTO and Head of Engineering, Cisco Sub-Saharan Africa
Cisco’s survey supports the Talos Quarterly Trends Report findings that a lack of security measures, such as multi-factor authentication (MFA), remains one of the biggest impediments to enterprise security. An MFA ─ an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism ─ provides an excellent way to protect your digital presence. However, Cisco found that:
- only 55% of respondents updated their password within the past 6 months,
- 13% updated their password over a year ago, and
- 19% never have or can’t remember if they have ever changed their web-based passwords.
These findings are worrying, considering that most of the ransomware and phishing incidents in South Africa could have been prevented if MFA had been properly enabled on critical services, such as endpoint detection and response (EDR) solutions.
At an individual level, a cybersecurity attack can result in everything from identity theft and extortion attempts to the loss of important data like family photos. And, because cybersecurity is critical for businesses of all sizes, businesses need to empower their employees by providing ongoing security awareness training to help them identify malicious emails that are usually the first step in attacks.Conrad Steyn, CTO and Head of Engineering, Cisco Sub-Saharan Africa
Although Cisco’s Security Survey revealed insight into South African consumers’ behaviour, research shows that malware and ransomware attacks are becoming more exclusive to businesses. Businesses should remember that cybercriminals research their targets extensively and create convincing emails that trick employees, calling for urgent action and company-wide digital transformation. Compromised credentials ─ a focus of most phishing campaigns today ─ provide the hacker with the ability to access applications and reset passwords for other accounts, and can act as the basis for launching additional attacks.