Just over a year ago, a much-prized perk – the ability to work from home – became an everyday reality for many. ITWeb, in partnership with KnowBe4, conducted a survey to gain insight into the status quo of remote working in South Africa and to investigate security concerns and risks associated with a remote workforce.
The survey sought to uncover whether remote work is a future reality for SA organisations – and if remote workers have returned to the office with the easing of lockdown restrictions. It also queried whether remote workers were trained and able to withstand social engineering attacks.
A total of 348 responses were captured, with 61% of respondents being at executive or middle management level, and working in a range of major industry sectors. More than half (57%) of respondents said that flexible remote working is a future reality in their organisation, while a third (34%) said they would continue to work from home. Only 9% expect to return to the office full time.
Anna Collard, SVP of Content Strategy and Evangelist, KnowBe4 Africa, says, “Even with vaccination rollouts and easing of lockdown restrictions, it is interesting to learn that remote working has become a long-term reality amongst the majority of the respondents, with a small percentage returning back to the office full time. This means that the pandemic has caused a paradigm shift in how we work now and in the future.”
With the lockdown restrictions easing up, half (46%) of respondents said their remote workers had returned to the office on a part-time basis. Thirty-one percent said their remote workers wouldn’t be returning for the foreseeable future. Twelve percent of respondents said their remote workforce had returned back to the office. Ten percent said they had not returned yet, but they planned to.
Twenty-eight percent of the respondents fully agreed with the statement: “Our remote workers are solidly trained and able to withstand social engineering attacks.” Thirty-one percent somewhat agreed, 21% were neutral, 12% somewhat disagreed and 5% completely disagreed.
Just over half (52%) of respondents completely agreed that their remote working infrastructure and security controls are solid. Twenty-three percent somewhat agreed. Nine percent somewhat disagreed and 3% completely disagreed.
When asked to rate the challenges in managing a remote workforce, building and keeping a team identity was chosen by most respondents. Next was motivation and productivity, followed by lack of infrastructure at home and the office. Other challenges listed were the lack of budget, cybersecurity awareness and relevant policies.
The biggest security risks associated with remote workers were listed as user behaviour and insecure home Wi-Fi networks, followed by social engineering, personal devices and sharing of corporate devices with family and friends. Interestingly, only 16% of survey respondents said they had experienced a security incident in the past 12 months related to remote working risks.
Some 61% of those experiencing a security incident related to remote working risks were due to phishing/social engineering attacks, 26% reported ransomware and 22% reported an unintentional data leak, such as a lost laptop. Also at 22% were credential theft/account compromise, while 17% experienced a malware outbreak.
Collard adds, “The fact that the majority of security incidents experienced were related to phishing and social engineering attacks highlights again the importance of educating and raising the awareness of remote workforces on how to spot and protect themselves against these types of attacks.”
Sixty-six percent of respondents said their security awareness process had changed since the beginning of the pandemic. Half of those said they had added more security awareness talks and webinars and just under half (47%) said they had introduced more e-learning training and phishing simulations.
Top security concerns among survey respondents were ranked as: preventing data breaches, compliance with regulations (POPIA, etc.), reputational damage and ransomware attacks. They were also concerned about theft of intellectual property or personal information and loss of availability and business continuity.
The security budgets of nearly half the respondents (45%) stayed the same, whereas 39% had it slightly increased. Eleven percent indicated their security budgets had increased significantly, while for 5% IT and security budgets were cut significantly.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
