Attackers breach the perimeter one way or another and either ‘become’ or impersonate an insider. This is why the Zero Trust security model is being adopted at such a fast rate globally. The Zero Trust model was created in 2010 by a principal analyst at Forrester[1]. Today it is repeatedly implemented as organisations scramble to protect enterprise systems against increasingly sophisticated attacks.
Technology and processes have been developed to not only keep data secure but to delete it securely, and all this is wrapped up in governance and legislation. It all relates back to the rights of the individual. Few businesses get it right and even worse, are always surprised when they are slapped with $100 million fines because they lost control over data.
Really businesses need to start at the beginning and ensure they have the right skills and advice on board in order to set up best practices for security awareness within the enterprise. Training programmes are required that address security behaviour and provide staff with the information they need to be aware of hacking attempts and not end up being duped by cyber criminals.
Employees need to understand that they must be sceptical about emails and scrutinise the source to ensure they are from who they purport to be. One would think with the amount of publicity around email scams that staff would be wary about clicking on links in emails – but it is still one of the most successful routes into a company’s confidential data.
Damaging behaviours like this and oversharing on social media, or believing requests delivered through electronic channels without first verifying them, remain common.
Mimecast research[2] revealed that there are a wide range of issues about which security professionals are concerned, but the most pressing concerns remain focused on data breaches, phishing, spear phishing and ransomware. The report notes that these are all areas in which good security awareness training can be highly effective at reducing risk.
Results included:
• Most organisations have been victimised. Sixty-five percent of organisations surveyed were found to be the victim of various types of security threats, most notably phishing attacks that were successful in delivering malware, targeted email attacks and data breaches.
• Phishing and spear phishing are on the increase. More than 90 percent of organisations reported that phishing and spear phishing attempts were either increasing or staying at the same levels.
• Confidence in current security training was reported to be low.
• Security awareness training was reported as not adequate in most cases
• Senior business managers and users were not seen to be enthusiastic about training.
This last finding is both disturbing and common as it does report senior IT execs to be supportive – possibly due to the more in-depth understanding of the risks and the need for security awareness training, but senior business managers and general employees were revealed to be indifferent. The receipt of some of the hefty PoPIA fines would doubtless change this attitude.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version