Providing secure communications

Issue 6 2020 Information Security

Attackers breach the perimeter one way or another and either ‘become’ or impersonate an insider. This is why the Zero Trust security model is being adopted at such a fast rate globally. The Zero Trust model was created in 2010 by a principal analyst at Forrester[1]. Today it is repeatedly implemented as organisations scramble to protect enterprise systems against increasingly sophisticated attacks.

Technology and processes have been developed to not only keep data secure but to delete it securely, and all this is wrapped up in governance and legislation. It all relates back to the rights of the individual. Few businesses get it right and even worse, are always surprised when they are slapped with $100 million fines because they lost control over data.


Andrew Sjoberg.

Really businesses need to start at the beginning and ensure they have the right skills and advice on board in order to set up best practices for security awareness within the enterprise. Training programmes are required that address security behaviour and provide staff with the information they need to be aware of hacking attempts and not end up being duped by cyber criminals.

Employees need to understand that they must be sceptical about emails and scrutinise the source to ensure they are from who they purport to be. One would think with the amount of publicity around email scams that staff would be wary about clicking on links in emails – but it is still one of the most successful routes into a company’s confidential data.

Damaging behaviours like this and oversharing on social media, or believing requests delivered through electronic channels without first verifying them, remain common.

Mimecast research[2] revealed that there are a wide range of issues about which security professionals are concerned, but the most pressing concerns remain focused on data breaches, phishing, spear phishing and ransomware. The report notes that these are all areas in which good security awareness training can be highly effective at reducing risk.

Results included:

• Most organisations have been victimised. Sixty-five percent of organisations surveyed were found to be the victim of various types of security threats, most notably phishing attacks that were successful in delivering malware, targeted email attacks and data breaches.

• Phishing and spear phishing are on the increase. More than 90 percent of organisations reported that phishing and spear phishing attempts were either increasing or staying at the same levels.

• Confidence in current security training was reported to be low.

• Security awareness training was reported as not adequate in most cases

• Senior business managers and users were not seen to be enthusiastic about training.

This last finding is both disturbing and common as it does report senior IT execs to be supportive – possibly due to the more in-depth understanding of the risks and the need for security awareness training, but senior business managers and general employees were revealed to be indifferent. The receipt of some of the hefty PoPIA fines would doubtless change this attitude.

[1]https://www.csoonline.com/article/3247848/what-is-zero-trust-a-model-for-more-effective-security.html

[2]https://www.mimecast.com/resourc thes/analyst-reports/dates/2018/10/best-practices-for-implementing-security-awareness-training/




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Get proactive with cybersecurity
Information Security
The ability to respond effectively to a cybersecurity breach is critical, but the missing piece of the puzzle is a thorough, proactive evaluation to ascertain weaknesses and identify any hidden threats.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
How to securely manage your digital footprint
Information Security Training & Education
Managing your online presence is critical to safeguarding your privacy and security. It is imperative to take a proactive approach, including using robust cybersecurity best practices.

Read more...
The state of code security in 2024
Information Security
The 2024 State of Code Security survey reveals that organisations have continued to shore up application security defences over the last year, according to OpenText Premier Partner iOCO Application Management.

Read more...
What is the level of safety and integrity of the software supply chain?
Information Security IoT & Automation
Organisations are embracing AppSec practices and focusing on their software security posture. However, they highlight that insufficient funding and security resources, plus a disconnect between developers and security teams, remain major roadblocks.

Read more...
Cybercriminals target financial service providers to get at sensitive client data
Information Security
According to Ryan van de Coolwijk, Product Head for cyber at iTOO Special Risks, hackers target financial service providers because they hold sensitive client information that unauthorised individuals could use for fraudulent activities.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...