Key findings highlighted by the Interpol assessment of the cybercrime landscape in relation to the COVID-19 pandemic has ranked phishing as number one global threat to businesses during this pandemic.
The 2020 Security Culture Report released by KnowBe4 and CLTRe collected data from more than 120,000 employees across 24 countries to find out exactly how deeply security was embedded into the company culture. Or not. South Africa, Kenya, Botswana, Namibia, Zimbabwe, USA, UK, New Zealand, Norway, and India were some of the countries included in the survey. The industries included banking, financial services, insurance, education, transport, and energy and utilities.
The security report was developed by CLTRe, a research organization that was acquired by KnowBe4 to enhance its ability to truly understand how organizations were threatened by a lack of information. The overall security culture scores were measured across seven dimensions that included attitudes, behaviours, cognition, communication, compliance, norms, and responsibilities. These were then further analyzed against the country and industry sector to provide a holistic global security overview. The results? Not what you might expect.
“Asia has the highest security culture score, followed by the United Kingdom,” says Anna Collard, SVP of Content Strategy and Evangelist, KnowBe4 Africa. “The continent of Africa is on par with North America, Australia and New Zealand at 73 and leading ahead of Europe at 69.
A higher score could be because Africa has leapfrogged legacy issues that plague some of the security environments in Europe. It may also be explained by the fact that about 90% of the African participants are from South African financial institutions. South Africa is a country where security and risk behavior is ingrained in people’s daily lives and the financial services sector is ahead of other sectors when it comes to digital security attitudes and behaviours.
“While Africa isn’t quite as compliant as the USA overall, our results show a more positive attitude, norms, and behaviour towards securing information. However, where Africa – and the rest of the world – is struggling is in education. This sector scored particularly badly with communication policies, attitudes, and cognition, which is linked to learning. It’s an area that we have to become aware of, as it puts students and educators at risk.”
The recent shift in the world has caused many education institutions to find new footing online and this has made an already shaky sector even more vulnerable. The report emphasizes how students and teachers have become even more reliant on technology and need better security protocols and foundations in order to stay secure. This is a wake-up call for education, globally, not just in Africa. It is equally one that should be heard by the transportation and energy and utilities sectors. They too scored very low on the table compared with banking, finance, and insurance – all industries that scored better in comparison to the low performers. However, they shouldn’t be too quick to congratulate themselves. For instance, a score of 76, as seen by banking and by financial services, is well below the expected level of 90 or above.
“The question that the report raises is simple – how can the organization embed secure employee behavior to minimize the risk and maximize protection?” asks Collard. “The answer is that security has to be management’s responsibility and needs to remain an ongoing priority. A few emails and posters about password hygiene aren’t going to cut it when a phishing email or ransomware breaks loose. And this can happen with just one accidental click of a mouse.”
The report underscored one very important fact – the human element is underserved. The culture of an organization can significantly affect its security and by understanding the various factors that influence this culture and how it can be remedied, the organization can significantly change its security.