The average global cost of a cybersecurity breach reached USD 4.9 million in 2024, according to the latest IBM Cost of a Data Breach Report, underscoring the escalating financial and operational risks of cyberattacks. Across Africa, companies are increasingly falling victim to breaches as cybercriminals exploit employees’ use of social media platforms such as LinkedIn, Facebook, and WhatsApp on work devices connected to corporate networks.
This Cybersecurity Awareness Month, experts are warning that weak IT oversight and a lack of governance over workplace social media use have become serious vulnerabilities for businesses.
“Consumer platforms built for everyday use were never designed to meet the security needs of businesses,” says Allan Juma, Cyber Security Engineer at ESET East Africa. “Unlike enterprise systems with strict security protocols and layered defences, these tools lack adequate safeguards. The problem is worsened by the absence of laws regulating social media use in workplaces, leaving many organisations exposed to threats that often go unnoticed.”
Human Error Remains the Biggest Weak Link
Interpol reports a sharp increase in cyber incidents across Africa, both in frequency and financial impact. Juma attributes much of the damage to human error, driven by sophisticated social engineering campaigns powered by artificial intelligence.
“AI has made scams almost indistinguishable from genuine communication,” he explains. “Employees are constantly trying to determine what is real and what is not, yet many lack the training or tools to identify subtle warning signs. This makes them easy targets for manipulation.”
WhatsApp Tops the List of Workplace Risks
Meta’s recent removal of more than six million scam-linked WhatsApp accounts highlights the scale of the challenge. Yet cybercriminals continue to adapt, recently exploiting a glitch in the platform to steal data directly from users’ devices. With more than 90 percent of employees across Africa relying on WhatsApp for workplace communication—surpassing both email and Microsoft Teams—the potential exposure is enormous.
Juma warns that cybercriminals closely monitor what employees share online. “When workers post client names, project details, or company structures, that information can be weaponised for targeted phishing attacks. One careless post can compromise an entire network. This is why organisations must have clear social media governance policies that educate all staff, from entry-level to executive, on safe online practices.”
Building Cyber Resilience Through Training
According to Juma, the most significant vulnerability for businesses is not insecure platforms but unprepared people. “Companies cannot afford to wait for threats to evolve. They need teams that can adapt in real time. Scenario-based cybersecurity training gives employees the instincts to recognise and neutralise risks before damage occurs,” he says.
He adds that investing in immersive cybersecurity training and working closely with trusted security providers can help organisations strengthen their defences, protect their assets, and build long-term resilience.
As cybercriminals continue to exploit human behaviour and digital habits, experts stress that awareness, governance, and continuous training remain the most effective shields against the next costly data breach.