Effects of Botswana Cultural Values on Information Security

Introduction

Information and Communications Technology (ICT) has undeniably revolutionized the development of nations globally over the past few decades. It has emerged as the core driver of a modern-day knowledge-based economy with its crucial role in socio-economic development and economic growth. ICT-based education and socioeconomic development programs provide innovative solutions to eradicate poverty and improve service delivery. Despite the hefty benefits that ICT provides, it has its downside, one of which is cybercrime.

As technology expands and develops, so do cybercrimes that are committed. The world faces over 100,000 malicious websites and 10,000 malicious files daily (Technologies (2021)). Phishing attacks account for over 80% of reported security incidents and$17, 700 is lost every minute due to phishing (Fruhlinger (2020)). Additionally, Google has registered over 2 million phishing sites in 2020 Year-to-Date, an increase of 19.9% as compared to 2019 (AtlasVPN (2020)).

2021, May 7 ransomware attack on the colonial pipeline is probably the most significant ransomware on critical infrastructure ever (Christopher Bing (2021)). Shortly after it was hit, the US faced more ransomware attacks targeting cities, ferries, and even a meat plant (Guardian News & Media Limited (2021)). Cybercrime continues to grow at an alarming rate and part of the reason is that a lot of these criminals go un-prosecuted and when they do get arrested, the consequences usually not that harsh. In Botswana for example, the harshest consequences for unauthorized access to a computer/system is imprisonment for a period not exceeding 2 years and or a fine of BWP40,000 (4,000 USD) (Government of Botswana (2018)).

Research about the root cause of cybercrime vary but all major reports point to a significant human error and behavior component (Bada et al. (2019)); (Selvam (2020)). Human error can be classified into deliberate or unintentional, where deliberate, the actor has a clear motivation, for example, a disgruntled employee (Selvam (2020)). Unintentional is due to several reasons such as not knowing how a technology works or lack of awareness. According to (Kaspersky (2017)), 46% of attacks in 2016 were due to carelessness or uniformed staff. Furthermore, 30% of security events in 2016 were caused by staff working against their employers, (Kaspersky (2017)). The main cause of human error includes ignoring and/or not knowing company policies; lack of knowledge of best information security practices and negligence, see (Selvam (2020)). To mitigate against these, several efforts have been put in place to reduce human error. These include policies and awareness campaigns to correct the behavior of users when interacting with ICT infrastructure. Regrettably, most users do not always comply with the specified policies and recommended behavior, (Bada et al. (2019)).