printer friendly version

AVeS launches cybersecurity awareness campaign

Amidst rising cybercrime, ongoing lockdowns and the Protection of Personal Information Act (PoPIA) deadline in South Africa, organisations and their employees are facing a staggering increase in cyber risks as they continue to move more of their operations online to enable remote working. AVeS Cyber Security has launched a risk-based security awareness and education campaign across southern Africa to assist organisations in managing their cyber risks more proactively.

With more than 23-years of experience helping southern African organisations achieve confidence in their digital information, AVeS Cyber Security recognises employees as most vulnerable to cybercriminals’ current attack methods. Cybercriminals use persistent social engineering techniques, forcing employees to make errors in judgment and unwittingly grant them access to organisations’ systems. According to IBM X-Force Threat Intelligence Index 2021, human error was a major contributing cause in 95% of all data breaches in 2020, which means that mitigation of human error must be key to organisations’ cybersecurity strategy in 2021.

Security awareness and training are crucial in protecting businesses’ and their clients’ confidential information. For example, in the first 100 days of the Covid-19 lockdown in 2020 alone, Mimecast researchers detected huge increases in spam attacks (up 46%), impersonation attacks (up 75%) and malware, which spiked by a staggering 385%.

“It is crucial for all organisations to realise that their employees have a defining role to play in strengthening the business’ cyber security capabilities and lowering its cyber risk exposure. It is simply not the responsibility of the IT department or technology alone. Cyber risk remains a business risk,” says AVeS Cyber Security’s Group CEO, Charl Ueckermann.

Through this campaign, AVeS Cyber Security is encouraging and teaching organisations to be pragmatic in planning and implementing solutions that address cyber security threats in the following ways: taking quick assessments to identify current cyber risks of IT users within organisations; planning and strategising on suitable approaches that will resonate with users in a way that facilitates IT behaviour change, whether it be through workshops, interactive group games, a training platform or end-to-end awareness campaigns; and finally, testing the initiatives for effectiveness.

To manage an organisation’s risks proactively requires business leaders to combine people, process and technology in their cybersecurity initiatives. Security awareness and training identifies and addresses risks successfully across all three categories and fulfils regulatory demands to protect confidential business and personal data.

In further addressing a global cybercrime challenge, South Africa’s newly introduced data privacy legislation, PoPIA, aims to ensure that organisations protect clients’ data as South Africa’s developing digital infrastructure becomes the target of more opportunistic and targeted cybercrime. Security awareness and training can be used to strategically meet some of the legislation’s data privacy requirements while mitigating cyber risks and attacks, reducing operational costs and protecting the business’ assets.

Ueckermann also points out that the strategic value of companies is becoming more and more captured within the digital data they process, such as financial data, intellectual property and business tactics, which makes it even more crucial to protect. “Case studies show that a weak cyber risk management system starts when IT governance is not in place. IT governance needs to be strongly led by the board of directors and then well-executed by the IT department,” notes Ueckermann.

An organisation’s leadership can start by answering five key questions:

• Where is the organisation on its data privacy and cybersecurity maturity journey?

• What are the most significant cyber risks facing the business?

• What are the extent and consequences of these cyber threats?

• What is the most pragmatic and effective approach to managing these risks?

• Who can facilitate the process of fast-tracking the organisation’s journey in reasonably mitigating high-risk cyber threats?

“The biggest challenge that contributes to organisations continuing to be victims of cybercrime is a lack of direction by executive management to prioritise the people-led safeguards in the business. With purpose-driven security awareness and training, organisations can put an effective risk management system in place and reduce many of the simple mistakes that have huge cyber security consequences, such as clicking on phishing links or inserting unknown USBs into Wi-Fi-connected computers, “says Ueckermann.

Share this article:

Further reading: