A survey has discovered that 32% of Nigerian organisations will continue with remote working in the wake of the pandemic despite growing cyber threats.
The surveys carried out in 2021 by KnowBe4, Lynchpin, and ITWeb across Nigeria, South Africa, and Kenya hoped to understand how remote working was influencing the security paradigm for organisations
A significant percentage of companies will very likely continue leveraging remote working, according to the survey report, with 32% of Nigerian organisations, 57% in South Africa, and 29% in Kenya.
Remote Working ‘Comes With A Security Caveat’
Anna Collard, SVP of Content Strategy and Evangelist for KnowBe4 Africa, explains that remote working may have become an invaluable tool for the organisation, but it comes with a security caveat – people have to be properly trained to recognise the risks inherent in online interactions.
Collard says that “one of the immediate defences against cybercrime is an employee that has been well-trained and understands how to spot and report cyber threats.”
“People should know what a social engineering attack looks like, and why they should not click on links or open attachments. While many respondents in the survey believed that their remote workers were adequately trained to withstand social engineering attacks, a significant percentage was unsure as to how well their people would react to a security threat. And this points to an urgent need for security training.”
People are both the problem and the solution, the surveys found out. On one hand, they are the human firewall that can stand against the threats and play a huge role in mitigating security risks. On the other, they can be the vulnerability that bypasses the complex and expensive security by simply clicking on a link, or succumbing to a phishing attempt.
Companies that are focusing on hybrid or remote working frameworks going forward, according to the report, will have to put training at the forefront of their policies and planning. Ultimately, a breach could cost them financially and reputationally – particularly now, in the era of rigorous protection of personal information legislation – and poor user behaviour is a leading cause of security incidents across the three countries.
“Companies across Nigeria, Kenya, and South Africa have also struggled with insecure home Wi-Fi networks and people sharing their corporate devices with family and friends,” Collard says. “The pandemic threw everyone in the deep end in 2020, and they all spent 2021 learning how to swim. Now, in 2022, it is time to redefine and reshape how the organisation manages security and remote working as effectively and dynamically as possible.”
While the number of security incidents experienced by companies overall dropped in 2021, those attacks that got through used phishing, social engineering, ransomware, and malware, the surveys uncover. Unintentional data leaks sat in the third position in South Africa alongside credential theft, while Kenya battled with phishing and ransomware. Nigeria’s biggest problems were social engineering and phishing.
According to the experts, this means that companies need to refine their security awareness processes alongside providing training and education. The first step is to invest in robust security policies that outline the risks, and that inform users how to report and act when faced with a potential cyberattack.
The simpler and more straightforward those processes and tools are, the higher the probability that people will play their part. While the report found that most companies have put a lot of time and effort into shoring up the security walls, many do not prioritise it as much as they should – often cutting security budgets and leaving IT teams with limited resources.
“The reality is that cybersecurity is a constantly evolving landscape that expects organisations to evolve along with it,” Collard adds. “As remote working gains traction and stability, cybercriminals are going to exploit every weakness they can find – from a poorly secured home network to a badly trained employee. This is the perfect time to establish a security culture within the business and prioritise its value and importance.”