Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Security investments and culture

Issue 7 2020 Editor's Choice

By Andrew Seldon.

Events of late have once again highlighted the importance of cybersecurity for companies large and small. The critical nature of technology in the fight against cyber threats can’t be underestimated and those relying on old technology or simply the most basic defences are looking for trouble.

How many small businesses can afford a ransomware demand of $5000 or more? How many large corporations have to suddenly spend millions in ransomware extortion costs or updating their cyber technology after an attack, not to mention the soft expenses like PR and appeasing your customers and partners? Garmin is said to have paid a $10 million ransom to get back access to its data, but how much more will it take to restore its reputation?

In South Africa, not defending adequately against cyber-attacks and losing personal data will soon also land you in trouble with the Protection of Personal Information Act, which will have its own consequences. And a failure in one’s defences does not always mean not enough technology is in place, it can also be bad decisions by staff.

An often ignored part of a cyber-attack of any kind is the role people play, most often accidentally, allowing malware in. Chris Ogden, CEO of RubiBlue says that while cyber-attacks are a fact of life, many companies and individuals have not reached the point where effective defences are also a fact of life, especially when it comes to employees.

“When it comes to security, any type of security, one always has to start with the individual,” he explains. Everybody must understand their role in securing the organisation and the consequences of not doing it. If someone has access to sensitive information and runs a malware script by clicking on an attachment or plugging in a USB drive they found, they are a single point of failure in the organisation’s security posture. And with people working from home, security awareness may be relaxed, which is yet another risk to organisations.

Ogden adds that many people, at all levels, still haven’t grasped how dangerous it is to simply share information with others – like passwords or confidential information. Convenience often wins out over common sense, even after people have been trained. The solution is for each person to take ownership of their security responsibilities and they must be taught the consequences of failure. Especially in smaller companies, for example, failure can result in the business closing.

Plan for the worst

There are enormous profits to be made from cybercrime today, and very little can be done to stop the criminals. Laws against hacking and such do little to assist companies as most cybercriminals operate from foreign countries, and even local ones know how to hide their identities. The capabilities of law enforcement in this regard are also lacking.

Ogden says it is therefore imperative that organisations plan for the worst. “Having planned your defences, through both technical solutions and human training, you also need to plan for failure: what if they do get in?”

An organisation can have cyber-insurance to handle the costs of a breach, or most of the costs, but how are you going to reassure your customers and partners that you are back on track and it is business as usual? Perhaps a better question would be to ask if you can get back on track.


Chris Ogden.

Be ready for an emergency restart

What are you going to do about your data and systems? Do you know which data or systems should be considered your ‘treasures’ and should receive the ultimate protection? Do you have backup systems that actually restore data and will allow you to be up and running quickly? Do you know who has access to your data treasures? Does everyone with access need it?

As noted, with more people working from home now, it is even more important that they be educated about security and their role. Homes do not have the budget to install the same security that is in place at work and people therefore need to be even more vigilant and careful. A culture of security needs to be built and staff need to understand that their responsibilities do not stop because they are not in the office.

“A security mindset is actually a corporate asset given the risk environment today,” states Ogden. “Just as you budget for security technology and services, you need to budget for employee training and awareness campaigns, and it doesn’t hurt to screen new employees before hiring them.”

In the cybersecurity world, failure is an option. In fact, it is almost guaranteed that at some stage you will be hit. Ogden recommends that organisations not only plan their risk mitigation strategies using both technology and people, but also plan for the worst. “If the worst does happen, know what you need to do and make sure you can get back up and running – safely – as fast as possible.”




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Autonomous construction site protection
Editor's Choice Perimeter Security, Alarms & Intruder Detection
Ajax provides an autonomous security solution for a German construction site that is easy and flexible to install. It provides security against intrusions and theft via a 360-degree view.

Read more...
SMART and secure estates in Cape Town
Technews Publishing Axis Communications SA Gallagher DeepAlert Nemtek Electric Fencing Products Editor's Choice
In February 2024, SMART Security Solutions emigrated to the Western Cape to host its first SMART Estate Security Conference in the region in many years. For the day, we took over the prestigious D’Aria Wine Estate.

Read more...
SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Read more...
Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Read more...
2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Read more...
Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Read more...
Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Read more...
Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.