The insecurity of people and security

Issue 1 2022 Training & Education

KnowBe4 did a survey of security habits around the world and unpacked how people behaved and the mistakes they made.The survey included more than 6000 people from across several countries, including South Africa, the US, Norway and the UK and dug deep into security behaviours around social engineering, password policies and more.

Anna Collard.

It revealed that around 53% of respondents believed they would be very comfortable reporting a violation or security issue with South Africa achieving an impressive 80%, compared with the 35% in Germany and 39% in the Netherlands. As Anna Collard, SVP of content strategy and evangelist at KnowBe4 Africa, points out, this is a good time to replicate South Africa when it comes to encouraging people to report incidents and protect the business.

“Many people do not report a security incident because the process is too difficult, or they are too scared to report it,” she explains. “This is often made more complex by the fact that people do not know how to report an issue. These facts point to security systems that are complicated and confusing and to a cultural or societal issue that makes people feel uncomfortable or unsafe when reporting an issue. And both of these challenges have to be addressed.”

People are the last line of cybersecurity defence. They can prevent an issue from escalating and stop an attack from happening. They can also be the primary reason why an attack takes place. If they are falling for a phishing attempt or not reporting an incident, then they are potentially leaving the door wide open to attackers.

“The report found that South African IT security teams are seen as the most responsive and helpful,” says Collard. “Around 60% of South African respondents believed their teams were helpful compared to the global average of 43%, which is very likely why people were comfortable flagging an issue with them. The Norwegian and Dutch teams were rated the most unhelpful.”

This pattern in responsiveness on an emotional level is invaluable as organisations can use this insight to create a more engaging security culture. The best programmes are those that emphasise the importance of the employee’s role in ensuring that the business remains secure, while also establishing a positive and emphatic relationship between people and the IT Security team.

“Another area that the survey highlights as worth focusing on is around password security and multi-factor authentication (MFA),” says Collard. “Around 44% of respondents said they used different passwords for different sites, which shows that there is awareness around computer security. But only just over 23% of respondents said they used MFA, which is a concern. South Africa was the lowest at 13% and Germany at 14%, but all end users need to focus on increasing MFA adoption to better beat the cybersecurity odds.”

Overall, the survey underscored how important training has become for companies looking to increase their security posture and behaviours. People need to be given regular insight into how their actions change the face of security and how they can play a positive role in shaping the culture of security within the business. These steps will help build a solid foundation of security within the business by fundamentally shifting how people behave online and in the business.

“Already, South African companies lead the way when it comes to proactive response times with accessible IT teams, now all that is left is to polish up our general security awareness,” concludes Collard.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Revised ASIS Security Risk Assessment Standard
Training & Education
ASIS International has released a revised American National Standards Institute (ANSI) - approved standard for security risk assessments. The revised standard provides a comprehensive overview of conducting a thorough assessment to manage security risks.

Gallagher Security launches Augmented Reality Training in Australia
Gallagher Training & Education Access Control & Identity Management
Gallagher Security has announced the latest addition to its innovative suite of training solutions, Augmented Reality Training, demonstrating its continued commitment to innovation and improving access to security training opportunities.

SAIDSA achieves ISO 9001 certification
SAIDSA(SA Intruder Detection Services Association) Associations News & Events Training & Education
The South African Intruder Detection Services Association (SAIDSA) has announced that it has achieved ISO 9001:2015 certification. This milestone reflects its commitment to quality management and excellence in the security services industry.

Tips and tools for trade businesses
News & Events Training & Education
ServCraft brings together trade industry associations and corporations to launch blox, a digital content platform and community impacting lives, businesses and industries across hundreds of thousands of trade business SMEs.

Africa Online Safety Platform launched in SA
Training & Education News & Events
Impact Amplifier, with the financial support of, launched its African Online Safety Platform (AOSP), a platform providing a rich repository of research, education content, funding opportunities and ways to seek help after an online crime.

South African Keiron PRO laser target system
News & Events Training & Education
Jacstech, based in Cape Town, South Africa, has been appointed to supply a complete Keiron PRO laser training system to the SIRT Academy. The SIRT Academy is a firearms and tactics training facility in Perugia, Italy.

Practical guide to protect data privacy
Training & Education Information Security
The Data Privacy Toolkit, reflecting the evolving landscape of data privacy, includes guidelines and recommendations to safeguard sensitive information crucial for protecting sensitive information from malicious actors.

ONVIF releases first add-on for secure communications
Surveillance Training & Education
ONVIF has released the final version of the TLS Configuration add-on to increase the security of communications between devices and software clients within a physical security system.

Mastering security awareness in the digital era
Security Services & Risk Management Training & Education
Human error and lack of security awareness remain the first security threat. Companies must consider the importance of managing employee cyber risk and the significance of training and awareness programmes.

Preparing young entrepreneurs
News & Events Training & Education
Liquid Intelligent Technologies SA recently announced that its Youth Empowerment Programme is successfully preparing young South Africans with the skills they need to succeed in a digital future.