The insecurity of people and security

Issue 1 2022 Training & Education

KnowBe4 did a survey of security habits around the world and unpacked how people behaved and the mistakes they made.The survey included more than 6000 people from across several countries, including South Africa, the US, Norway and the UK and dug deep into security behaviours around social engineering, password policies and more.

Anna Collard.

It revealed that around 53% of respondents believed they would be very comfortable reporting a violation or security issue with South Africa achieving an impressive 80%, compared with the 35% in Germany and 39% in the Netherlands. As Anna Collard, SVP of content strategy and evangelist at KnowBe4 Africa, points out, this is a good time to replicate South Africa when it comes to encouraging people to report incidents and protect the business.

“Many people do not report a security incident because the process is too difficult, or they are too scared to report it,” she explains. “This is often made more complex by the fact that people do not know how to report an issue. These facts point to security systems that are complicated and confusing and to a cultural or societal issue that makes people feel uncomfortable or unsafe when reporting an issue. And both of these challenges have to be addressed.”

People are the last line of cybersecurity defence. They can prevent an issue from escalating and stop an attack from happening. They can also be the primary reason why an attack takes place. If they are falling for a phishing attempt or not reporting an incident, then they are potentially leaving the door wide open to attackers.

“The report found that South African IT security teams are seen as the most responsive and helpful,” says Collard. “Around 60% of South African respondents believed their teams were helpful compared to the global average of 43%, which is very likely why people were comfortable flagging an issue with them. The Norwegian and Dutch teams were rated the most unhelpful.”

This pattern in responsiveness on an emotional level is invaluable as organisations can use this insight to create a more engaging security culture. The best programmes are those that emphasise the importance of the employee’s role in ensuring that the business remains secure, while also establishing a positive and emphatic relationship between people and the IT Security team.

“Another area that the survey highlights as worth focusing on is around password security and multi-factor authentication (MFA),” says Collard. “Around 44% of respondents said they used different passwords for different sites, which shows that there is awareness around computer security. But only just over 23% of respondents said they used MFA, which is a concern. South Africa was the lowest at 13% and Germany at 14%, but all end users need to focus on increasing MFA adoption to better beat the cybersecurity odds.”

Overall, the survey underscored how important training has become for companies looking to increase their security posture and behaviours. People need to be given regular insight into how their actions change the face of security and how they can play a positive role in shaping the culture of security within the business. These steps will help build a solid foundation of security within the business by fundamentally shifting how people behave online and in the business.

“Already, South African companies lead the way when it comes to proactive response times with accessible IT teams, now all that is left is to polish up our general security awareness,” concludes Collard.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Mastering security awareness in the digital era
Risk Management & Resilience Training & Education
Human error and lack of security awareness remain the first security threat. Companies must consider the importance of managing employee cyber risk and the significance of training and awareness programmes.

Preparing young entrepreneurs
News & Events Training & Education
Liquid Intelligent Technologies SA recently announced that its Youth Empowerment Programme is successfully preparing young South Africans with the skills they need to succeed in a digital future.

Free South Africa Market Report webinar from TAPA EMEA
Technews Publishing Editor's Choice News & Events Transport (Industry) Training & Education Logistics (Industry)
October 2023 offers TAPA EMEA members and non-members opportunities to increase their knowledge of cargo crime and supply chain security risks in three countries in Europe, the Middle East & Africa region, where supply chains are most targeted by both organised crime groups and other offenders.

Empowering the new team of trailblazers in cybersecurity
News & Events Information Security Training & Education
Fortinet is committed to creating more opportunities for women in cybersecurity in South Africa as it actively fosters a culture of inclusion by expanding access to training and career advancement through its training institute.

Digital transformation is dependent on engaged leaders
Training & Education Infrastructure
Having a digitisation strategy in place is the starting point, but to truly activate a digital transformation programme, organisations need a strong leadership team that has acute self- awareness, and can positively contribute and direct their influence toward the people affected by change.

A golden opportunity for young South Africans
Training & Education
Doros Hadjizenonos, Regional Director for Southern Africa at Fortinet, believes that young South Africans can benefit from the current cybersecurity skills gap and turn it into a lucrative and satisfying profession.

The latest security trends at Securex South Africa 2023
Securex South Africa News & Events Conferences & Events Training & Education
Security technology evolves at a blistering pace, so it’s important to keep up to date with changing trends in order to ensure maximised safety of human and personal assets. The Securex Seminar Theatre, powered by UNISA, is the place to be.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Plugging the South African skills drain
Training & Education News & Events
Investing in young South African talent has become critical as skills slip out of the country; there has to be talent to fill the gaps of tomorrow by investing in the people of today.

Hundreds of installers join the Paxton Tech Tour
Paxton News & Events Training & Education
Paxton began the Paxton Tech Tour in February, with hundreds of installation companies and installers signing up to the half-day product experience event in order to develop knowledge and explore business opportunities with Paxton’s products and services.