The side effects of Working from Home (WFH), a strategy adopted by companies to mitigate spread of Covid-19 a few years ago are showing up with organisations citing damages in reputation and finances.
According to Liquid C2 Cyber Security Report 2022, an increasingly dispersed workforce has put an immense pressure on cyber security teams as nearly two in three companies in Kenya, South Africa and Zambia (where survey was conducted) experienced a data breach in the past year.
Hacking remains a significant threat in Kenya more than South Africa and Zambia. This is closely followed by unauthorised access and cyber-attacks, with companies concerned about confidential information being stolen or accessed, particularly in Kenya and Zambia.
“The attacks witnessed are due to the radical change in working frameworks from in-office to online during the pandemic to a hybrid approach that has gained traction over the past two years. An increasingly dispersed workforce has put immense pressure on cyber security teams,” notes the report.
Hacking is the leading concern for companies in South Africa, with Kenya and Zambia, showing an increase in their concerns around this threat, while email attacks and social engineering attacks are still perceived as two of the biggest ongoing threats.
One of the primary threats cited by decision-makers in the three countries around remote and hybrid working was authorised use – the concern that the person accessing the device or the company resources is not a family member or someone misusing company owned resources. There are concerns around managing this challenge alongside malicious code from harmful websites and lost or stolen devices. Companies are therefore focusing on security solutions that help them manage these challenges more effectively, such as endpoint protection, firewalls, and backups.
Password compromise is a rising concern in South Africa and Kenya. At the same time, Zambia is concerned about social engineering attacks, and all three countries have shown increased awareness around the risks presented by SMS attacks. However, this remains a low priority overall.
Kenyan respondents feel illegal access to information is a great concern and perceive the single biggest impact to be damage to reputation and the company’s credibility in the event of a breach. Kenyan companies seem to be migrating back to 100 per cent in-office work, with an increase from 34 per cent in 2021 to 50 per cent in 2022. This is perhaps influenced by the fact that Kenya has seen a rise in data breaches, with four in five respondents having experienced one in the past year.
In South Africa, companies cite hacking and gaining unauthorised access to information systems and assets as the biggest threats, with the financial impact of a breach the most serious concern.
South Africa favours the hybrid model of working with in-office employees, only having seen a 3 per cent increase from 2021.
Companies in Zambia cite data loss, including data exfiltration or leakage, as a concern and put business disruption as their most considerable perceived fall- out at 31 per cent, which is higher in comparison to the 12 per cent average across all countries.
Although Zambia recorded the lowest threats compared to other countries, 62 per cent say the threats have increased in the past year. Interestingly, Zambia does not support a solely remote working model, with 55 per cent being in the office and 45 per cent following a hybrid model.
Nature of Attacks
Email attacks, including phishing, Spam remains highest at 67 per cent, password compromise at 48 per cent, Data breach and data theft at 44 per cent while unauthorized use for instance by family members misusing company owned resources remains at 35 per cent.
Companies also grapple with identity theft, malware including ransomware, lost and stolen laptops, vulnerability exploitation, use of unsanctioned applications and no frequent backup of organizational information.
“To mitigate the threat, 72 per cent of companies have implemented advanced endpoint protection with data backup (51 per cent) and secure VPN and remote access (44 per cent), coming in at second and third place, respectively.”
“There has also been a marked increase in two-factor authentication, email content filtering, malware detection, and web content filtering since 2021.”
The report revealed a landscape where companies prioritise security but remain constrained by limited access to talent and budgets. “This is why it has become vital for organisations to collaborate with trusted third-party managed security services providers (MSSPs) to reinforce and refine their security postures while remaining aligned with budgets and spend.”
Cyber Attacks Remain Key Risk in Online Banking – CBK – Kenyan Wallstreet
