Most people don’t realize how vulnerable they are to social engineering until they experience it, according to Anna Collard, the founder of KnowBe4’s South African security awareness company Popcorn Training. Collard joined the CyberWire’s Hacking Humans podcast to discuss the results of a survey of Africans concerning cyber awareness. Collard stressed that Africa is quickly becoming a major target for scammers since so many Africans are coming online for the first time.
Collard said one of the findings of the survey that struck her the most was how many people thought they knew more than they actually did.
“I find personally, what is most interesting the in results that this report showed was that you also get quite a large percentage of people that think they are sort of equipped or that they know what to do, but they actually don't,” Collard said. “So, that's that whole concept of unconscious incompetence – you know, that quadrant where you kind of, you know what you don't know, but then you don't know you don't know. And that's a massive problem because you have people that think, well, everything's fine. And they aren't even aware of the problem itself or that they should educate themselves a bit more.”
Collard pointed to one example of this, where the survey found that most respondents felt they’d received sufficient training, but more than half didn’t know about some basic security threats and best practices.
“But the people that responded, they said that about 60% felt the employers have done enough to, you know, raise awareness,” she said. “But in the same token, 65% didn't know what ransomware was. More than 50% had no idea what multi-factor authentication is or how you would use that.”
Collard added this type of unawareness is a universal issue that affects people around the world.
“And that's not just African problems – it's worldwide, right?” she continued. “The rise in social engineering and phishing attacks and ransomware schemes. The need to put something as basic as two-factor authentication in place, especially if you do financial transactions on your mobile devices – it's so important. Yeah, and people just, you know, they think they know, but at the same time, when you ask those sort of qualifying questions, they didn't.”
New-school security awareness training can give your employees relevant knowledge about the threats they face, regardless of their level of technical experience.
The CyberWire has the story: https://thecyberwire.com/podcasts/cw-podcasts-hh-2020-02-06.html