As Africa trends towards the connection of one-billion people over the next two years, the continent is increasingly becoming a target for cybercriminals.

Some 525-million Africans are connected to the Internet – representing 40% of the population – and the continent has become vulnerable, ranking as one of the fastest-growing regions in terms of cybercrime activities.

As connectivity improves, Internet users, many of whom are coming online for the first time and do not understand the risks, will be faced with increasing cyberattacks, says integrated security awareness training and simulated phishing platform KnowBe4 Africa MD Anna Collard.

“Many criminals consider Africa a safe haven for their illegal operations, as many African governments need to attend to other pressing issues, such as fighting poverty, unstable politics, violent crime and massive youth unemployment, and thus regard cybersecurity as a luxury [and] not a necessity.”

Added to this is a significant shortage of skilled security professionals, a lack of public awareness and company budgets allocating less than 1% towards cybersecurity.

Africa’s lack of legislation and law enforcement, with only about 20% of States with the basic legal frameworks to deal with cybercrime, also makes the region attractive to cybercriminals.

“Kenya, South Africa and Mauritius are probably the most advanced in this regard and Nigeria is coming up fast,” she says.

Her comments followed the release of the 2019 ‘KnowBe4 African Cybersecurity Awareness Report’, which shows Africans are not prepared for cyberthreats, making them increasingly easy prey for cybercriminals.

“Humans are one of the most common causes of a business being held by ransomware or crippled by malware, data breaches or plain financial fraud,” Collard continues.

She points to the inadvertent clicking on attachments, sharing of personal information or carrying an infection into work on their mobile device and making use of unsecure free public WiFi.

From ransomware to phishing to malware and credential theft, users are not protecting themselves adequately because they mistakenly think they are informed, ready and prepared, according to the results of a survey of more than 800 respondents across South Africa, Kenya, Nigeria, Ghana, Egypt, Morocco, Mauritius and Botswana.

The KnowBe4 survey found that nearly half the respondents across all eight countries felt that their organisations had trained them adequately and that they would recognise a security incident or issue if they saw one.

However, 53% believe that trusting emails from people they know is good enough, 28% have fallen for a phishing email, 52% do not know what multifactor authentication is, more than a quarter have fallen for a scam and 50% have had a malware infection.

In South Africa, 50% of respondents had their computers infected, while, in Kenya, Ghana and Egypt, this number rose to 67%.

Of those surveyed, 75% of Kenyans and 74% of South Africans were the most concerned about the risk of cybercrime; however, 27% and 57% respectively were comfortable giving away their personal information if they understood what it would be used for.

“Most people do not realise what a risky email looks like or how their actions can result in their systems becoming infected.”

Phishing and social engineering attacks are not just limited to email – they have spread to other popular communication channels, such as WhatsApp.

“The results proved that respondents’ confidence was based on the little they know about cyberattacks and [this] is where the problem lies. They are vulnerable, as they are not aware of what they do not know,” Collard says.

The survey highlights the urgent need for security awareness training.

It has become critical for organisations that they train employees around security best practices, cybersecurity threats, methodologies, entry points and vulnerabilities and the various methodologies used by the cybercriminal.