Providing secure communications

Issue 6 2020 Information Security

Attackers breach the perimeter one way or another and either ‘become’ or impersonate an insider. This is why the Zero Trust security model is being adopted at such a fast rate globally. The Zero Trust model was created in 2010 by a principal analyst at Forrester[1]. Today it is repeatedly implemented as organisations scramble to protect enterprise systems against increasingly sophisticated attacks.

Technology and processes have been developed to not only keep data secure but to delete it securely, and all this is wrapped up in governance and legislation. It all relates back to the rights of the individual. Few businesses get it right and even worse, are always surprised when they are slapped with $100 million fines because they lost control over data.


Andrew Sjoberg.

Really businesses need to start at the beginning and ensure they have the right skills and advice on board in order to set up best practices for security awareness within the enterprise. Training programmes are required that address security behaviour and provide staff with the information they need to be aware of hacking attempts and not end up being duped by cyber criminals.

Employees need to understand that they must be sceptical about emails and scrutinise the source to ensure they are from who they purport to be. One would think with the amount of publicity around email scams that staff would be wary about clicking on links in emails – but it is still one of the most successful routes into a company’s confidential data.

Damaging behaviours like this and oversharing on social media, or believing requests delivered through electronic channels without first verifying them, remain common.

Mimecast research[2] revealed that there are a wide range of issues about which security professionals are concerned, but the most pressing concerns remain focused on data breaches, phishing, spear phishing and ransomware. The report notes that these are all areas in which good security awareness training can be highly effective at reducing risk.

Results included:

• Most organisations have been victimised. Sixty-five percent of organisations surveyed were found to be the victim of various types of security threats, most notably phishing attacks that were successful in delivering malware, targeted email attacks and data breaches.

• Phishing and spear phishing are on the increase. More than 90 percent of organisations reported that phishing and spear phishing attempts were either increasing or staying at the same levels.

• Confidence in current security training was reported to be low.

• Security awareness training was reported as not adequate in most cases

• Senior business managers and users were not seen to be enthusiastic about training.

This last finding is both disturbing and common as it does report senior IT execs to be supportive – possibly due to the more in-depth understanding of the risks and the need for security awareness training, but senior business managers and general employees were revealed to be indifferent. The receipt of some of the hefty PoPIA fines would doubtless change this attitude.

[1]https://www.csoonline.com/article/3247848/what-is-zero-trust-a-model-for-more-effective-security.html

[2]https://www.mimecast.com/resourc thes/analyst-reports/dates/2018/10/best-practices-for-implementing-security-awareness-training/




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.