Bethwel Opil, Enterprise Sales Manager at Kaspersky Africa, is passionate about investing in technologies and strategies that will allow businesses to reap the benefits of the digital world — however, he believes growth in the tech sphere can lead to greater corporate cyber risks. IT News Africa’s Jenna Cook had the opportunity to chat with him about cyber-security in Africa. Here’s what transpired:
Cybersecurity risks are growing at an exponential rate, just how vulnerable are companies to threats and what are the ways these threats implicate businesses?
Companies that don’t have security measures in place will always be at a high risk of cyber threats given how digitalisation has interconnected services, platforms and communication methods.
Additionally, Bring Your Own Device (BYOD) was quickly adopted to create flexibility and accessibility that was needed in an evolving work environment. However given that the organisation no longer has full control of what devices come in and out of the network, this has also increased the chances of attack – leaving many organisations very vulnerable and compromised to data leaks and even ransom demands on highly sensitive data.
The aim of targeted attacks is to get a foothold in a company, steal corporate data or damage a company’s reputation. We are also now in an era when a malicious code can be used as a cyberweapon. And while an organisation may not be in the direct firing line, it could suffer ‘collateral damage’ if it isn’t adequately protected – making organisations more vulnerable than ever before.
Research from the Communications Authority of Kenya (CA) indicates an increase in the number of cyber threats targeted at Kenya’s cyberspace with over 10.2 million cyber events detected during the quarter October-December 2018/19 as compared to 3.8 million in the previous quarter. What role does human error play in businesses becoming victim to such attacks?
Because everything is digitally operated, human error easily plays a role in cyber-attacks within a business. Today, it is increasingly rare to come across business professionals who don’t use their own mobile device for work purposes. Be it a laptop, tablet or smartphone, these devices enable us to do a large part of our business tasks while on the go and remotely.
However, these devices also open the business up to risk including the loss of important corporate data via personal devices, as well as a negligent attitude towards the security of mobile devices. The challenge is that mobile devices tend to not stay inside a company’s security perimeter and can be exposed to unsecured public Wi-Fi or just be lost or stolen.
Furthermore, BYOD, if not managed effectively by the business, could expose a business to cyber-threats in the case of an employee accidentally downloading a compromised application preloaded with a spying module or ransomware, for example. They might try to root or jailbreak their device and expose it to even more threats.
Does minimising, and eventually eliminating, the potential for human error in business require the business to look at building a Human Firewall?
Minimising the potential human error aspect of cybersecurity does require the business to look at building a Human Firewall. Staff training should be seen as an important way to achieve this – though it must be holistic training that touches on the following key aspects:
- Building strong cyber-hygiene skills through microlearning and reinforcement – to engage employees in the education process and to increase their personal cyber-awareness, targeted training that is easy to digest, memorable and practical to the employee is key.
- Agile fit – enterprise-level scalability – every employee will be at a different cyber awareness level and will be required to understand cybersecurity differently. The business must take this into account and provide training that is agile to meet the training needs of all employees and at any level, to ensure everyone can learn within their own parameters. This way the full business is armed and prepared accordingly.
What exactly is a ‘Human Firewall’?
A Human Firewall is the process of minimising or possibly eliminating the risk of human error in the approach to cybersecurity. To ensure staff are no longer a cybersecurity risk, thorough and adequate training, across all levels, is a necessity to ensure that staff are informed and equipped to be Human Firewalls for the business and don’t bring the business cyber threat harm through unwilling or careless actions.
Achieving this can support a business in building a strong cybersecurity defence – one that exceeds relying purely on solutions-based protection. It’s about ensuring that staff are a business’s biggest security asset and not their biggest security risk.
If businesses are serious about reaping the benefits of a digital world, how can they ensure cybersecurity awareness and staff training is a priority?
As organisations continue to face a wide range of cyber threats, whether it’s from inside or outside their company, the starting point to minimise these intrusions is examining a True Cybersecurity approach. This means that not only should a business have an IT security solution, but it must be done in conjunction with employee education programmes and consistently updated security policies – which are understood and followed by everyone within the business.
Further, businesses should use a proven corporate-grade security solution, which combines anti-targeted attack technologies, as well as threat intelligence if they want to be more proactive when it comes to detecting complex attacks across the corporate IT infrastructure and successfully gains control and visibility of their security environment, should an intrusion occur.
No company can mitigate the risk of cybercrime in the digital world, merely by having an IT department – and if the right solutions, policies and education programmes are not in place, the business may find the digital world a very difficult place to navigate.
By Jenna Cook
Follow Jenna Cook on Twitter
Follow IT News Africa on Twitter