Providing secure communications

Issue 6 2020 Information Security

Attackers breach the perimeter one way or another and either ‘become’ or impersonate an insider. This is why the Zero Trust security model is being adopted at such a fast rate globally. The Zero Trust model was created in 2010 by a principal analyst at Forrester[1]. Today it is repeatedly implemented as organisations scramble to protect enterprise systems against increasingly sophisticated attacks.

Technology and processes have been developed to not only keep data secure but to delete it securely, and all this is wrapped up in governance and legislation. It all relates back to the rights of the individual. Few businesses get it right and even worse, are always surprised when they are slapped with $100 million fines because they lost control over data.

Andrew Sjoberg.

Really businesses need to start at the beginning and ensure they have the right skills and advice on board in order to set up best practices for security awareness within the enterprise. Training programmes are required that address security behaviour and provide staff with the information they need to be aware of hacking attempts and not end up being duped by cyber criminals.

Employees need to understand that they must be sceptical about emails and scrutinise the source to ensure they are from who they purport to be. One would think with the amount of publicity around email scams that staff would be wary about clicking on links in emails – but it is still one of the most successful routes into a company’s confidential data.

Damaging behaviours like this and oversharing on social media, or believing requests delivered through electronic channels without first verifying them, remain common.

Mimecast research[2] revealed that there are a wide range of issues about which security professionals are concerned, but the most pressing concerns remain focused on data breaches, phishing, spear phishing and ransomware. The report notes that these are all areas in which good security awareness training can be highly effective at reducing risk.

Results included:

• Most organisations have been victimised. Sixty-five percent of organisations surveyed were found to be the victim of various types of security threats, most notably phishing attacks that were successful in delivering malware, targeted email attacks and data breaches.

• Phishing and spear phishing are on the increase. More than 90 percent of organisations reported that phishing and spear phishing attempts were either increasing or staying at the same levels.

• Confidence in current security training was reported to be low.

• Security awareness training was reported as not adequate in most cases

• Senior business managers and users were not seen to be enthusiastic about training.

This last finding is both disturbing and common as it does report senior IT execs to be supportive – possibly due to the more in-depth understanding of the risks and the need for security awareness training, but senior business managers and general employees were revealed to be indifferent. The receipt of some of the hefty PoPIA fines would doubtless change this attitude.


[2] thes/analyst-reports/dates/2018/10/best-practices-for-implementing-security-awareness-training/

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.