Last year, the average global cost of a cybersecurity breach was $4.9-million, according to the 2024 IBM Cost of a Data Breach Report, illustrating just how damaging cyberattacks can be. Corporate networks are being compromised as threat actors leverage platforms like LinkedIn, Facebook, and WhatsApp to deploy malware, harvest credentials, and infiltrate sensitive data – exploiting employees’ social media use on work devices connected to internal networks. This Cybersecurity Awareness Month, the message to businesses is clear: weak IT oversight increases corporate cyber risks.
“Consumer platforms built for everyday use weren’t designed to meet the security needs of businesses,” says Allan Juma, Cyber Security Engineer at ESET East Africa. “Unlike purpose-built enterprise systems with strict protocols and layered defenses, these tools lack the safeguards needed to protect sensitive data. The problem is compounded by a regulatory vacuum. With no specific laws governing workplace social media use, many businesses operate without cybersecurity policies for online platforms – creating gaps where risky cyber activity can easily slip past defenses undetected.”
Across Africa, Interpol reports a sharp increase in both the number of attacks and their financial toll. “Much of that cost comes down to human error,” says Juma. “AI-powered social engineering has raised the bar, making attacks so convincing that identifying them becomes more challenging every day. Employees find themselves in a constant struggle to decode what’s authentic versus what’s a trap, especially when their organizations haven’t equipped them with strong defenses or taught them which warning signs to look out for.”
Rising security concerns have prompted action from the platforms themselves. Earlier this year, Meta removed more than six million scam-linked WhatsApp accounts globally. Instead of retreating, attackers doubled down – most recently exploiting a glitch in the platform to infiltrate victims’ phones and steal sensitive data. This creates a perfect storm: WhatsApp is the go-to tool for workplace communication, with more than 90% of employees across Africa using it daily – surpassing both email and Microsoft Teams.
Safaricom hosts summit to tackle growing cybersecurity threats
“Cybercriminals closely analyze what employees share on social media – client names, organizational structures, ongoing projects—and use that information to craft highly targeted phishing schemes,” Juma explains. “The ripple effect of one careless action can expose every corner of a company’s digital infrastructure, which is why robust social media governance is critical. Clear policies should guide everyone, from junior staff to executives, in understanding how their digital footprint can be exploited and what precautions to take.”
From a business perspective, the biggest vulnerability isn’t unsecure platforms – it’s people; “Businesses can’t afford to wait for these threats to evolve – they need teams that can adapt in real time,” says Juma. “When employees gain hands-on experience through realistic, scenario-based training, they develop the instincts needed to spot and neutralize risks independently. This doesn’t just safeguard existing assets but reinforces defenses and builds lasting capability. Exploring immersive training solutions with your cybersecurity provider is a practical next step.”
