printer friendly version

Building a human firewall

With Kaspersky research showing 970 557 phishing attacks detected in South Africa in Q1 2019 alone – an average of 10.783 per day – and 53 829 mobile malware attacks in the same period – an increase of 6% compared to Q1 2018 – one has to ask how vulnerable companies are to these threats and what role does human error play in businesses becoming victim to such attacks in the growing cyber threat landscape?

Riaan Badenhorst, general manager of Kaspersky in Africa answered some questions on the topic for Hi-Tech Security Solutions.

What are the growing cyber risks to SA businesses and the role of human error?

Badenhorst: As digital technologies continue to evolve and influence how businesses operate in the local environment, it has become critical for cybersecurity to be top of mind for business leaders. Some of the prevalent cyber risks that businesses face today include:

* Phishing attacks – phishing is one of the most popular weapons cybercriminals use to attack an organisation. These scams involve cybercriminals acting as legitimate companies or organisations to defraud users to obtain sensitive information.

* Malware threats – malware, or malicious software, is a type of computer program designed to infect a legitimate user's computer and inflict harm on it in multiple ways. Malware can infect computers and devices in several ways and comes in a number of forms, including viruses, worms, Trojans, spyware and more. Kaspersky detected 53 829 mobile malware attacks in South Africa in Q1 2019 - an increase of 6% compared to Q1 2018.

* Ransomware - ransomware continues to be an effective attack for cybercriminals. Last year, the share of victims affected by the top ransomware actors grew from 33% to 50%, where globally 27 000 SMBs were attacked by cryptors. Furthermore, throughout 2018, Kaspersky detected 39 842 malicious encryptor modifications. WannaCry continues to dominate the Top 10 list of the most widespread encryptor families of all time.

* Mobile related attacks [think Bring Your Own Device (BYOD)] – there is no question as to why the virtual office has become so prevalent in the business world. Considering today’s demanding business scenario where customers are always online and demands and competition are high – allowing staff to connect to the business network using the device of their choice makes turnaround time on work quicker and more comfortable. However, it also poses a risk.

People and the businesses they work for often think having high-end security systems in place is enough to mitigate cyber threats effectively. However, human error still plays a big role into the reality of cyberattacks to the business. In fact, research indicates that more than 80% of all cyber incidents are caused by human error – costing corporates millions to recover from staff-related incidents. The role of human error needs to be taken seriously and businesses need to start effectively mitigating this risk.

Technology investment is key to sustained business growth – how can businesses minimise the corporate risk of human error – what action is needed?

Badenhorst: The modern business looking to grow, simply cannot shy away from investing in technology. The key to surviving the threat landscape is to acquire threat intelligence by preparing not only the business with the systems and tools for cyber risk mitigation, but also its people. For a business to reap the benefits of the digital world, it must do so with cybersecurity awareness and training for its employees in mind. Kaspersky believe that minimising the potential human error aspect of cybersecurity in a business requires the business to look at building a Human Firewall.

In a growing cyber threat landscape, such awareness extends beyond the basic training structures that most organisations have in place today. Rather, a business needs to consider a holistic training solution platform that looks at:

* Building strong cyber-hygiene skills through micro learning and reinforcement – this involves engaging employees in the education process around cybersecurity, with the aim to increase their personal cyber awareness. This training must be easy to digest, memorable and practical to the employee.

* Agile fit - enterprise-level scalability – a business must recognise that every employee will be at a different cyber awareness level and will be required to understand cyber security differently based on their role within the business. Therefore, cybersecurity training must be agile to meet the training needs of all employees and at any level, to ensure everyone can learn within their own parameters, so that the full business is armed and prepared accordingly.

To mitigate cyber risks effectively, businesses should look to seek training solutions that are practical and make it easier to ensure staff are armed with the very latest skills and knowledge.

The concept of a Human Firewall – what is this and how can a company achieve this?

Badenhorst: The concept of the Human Firewall looks at equipping employees/staff – through comprehensive security training – with the skills to operate in the digital roadmap of the organisation, while being threat intelligent enough to mitigate risks and minimise human error that has previously set many businesses back.

Put simply, building a Human Firewall requires security awareness and training solutions that are tailored to the unique organisation’s needs and the needs of its staff members. Building Human Firewalls means that businesses need to seek training programmes that offer not only knowledge, but – more importantly – change habits and form the new behaviour patterns to IT security practices that ensure risk mitigation.

Share this article:

Further reading: