Security investments and culture

Issue 7 2020 Editor's Choice

Events of late have once again highlighted the importance of cybersecurity for companies large and small. The critical nature of technology in the fight against cyber threats can’t be underestimated and those relying on old technology or simply the most basic defences are looking for trouble.

How many small businesses can afford a ransomware demand of $5000 or more? How many large corporations have to suddenly spend millions in ransomware extortion costs or updating their cyber technology after an attack, not to mention the soft expenses like PR and appeasing your customers and partners? Garmin is said to have paid a $10 million ransom to get back access to its data, but how much more will it take to restore its reputation?

In South Africa, not defending adequately against cyber-attacks and losing personal data will soon also land you in trouble with the Protection of Personal Information Act, which will have its own consequences. And a failure in one’s defences does not always mean not enough technology is in place, it can also be bad decisions by staff.

An often ignored part of a cyber-attack of any kind is the role people play, most often accidentally, allowing malware in. Chris Ogden, CEO of RubiBlue says that while cyber-attacks are a fact of life, many companies and individuals have not reached the point where effective defences are also a fact of life, especially when it comes to employees.

“When it comes to security, any type of security, one always has to start with the individual,” he explains. Everybody must understand their role in securing the organisation and the consequences of not doing it. If someone has access to sensitive information and runs a malware script by clicking on an attachment or plugging in a USB drive they found, they are a single point of failure in the organisation’s security posture. And with people working from home, security awareness may be relaxed, which is yet another risk to organisations.

Ogden adds that many people, at all levels, still haven’t grasped how dangerous it is to simply share information with others – like passwords or confidential information. Convenience often wins out over common sense, even after people have been trained. The solution is for each person to take ownership of their security responsibilities and they must be taught the consequences of failure. Especially in smaller companies, for example, failure can result in the business closing.

Plan for the worst

There are enormous profits to be made from cybercrime today, and very little can be done to stop the criminals. Laws against hacking and such do little to assist companies as most cybercriminals operate from foreign countries, and even local ones know how to hide their identities. The capabilities of law enforcement in this regard are also lacking.

Ogden says it is therefore imperative that organisations plan for the worst. “Having planned your defences, through both technical solutions and human training, you also need to plan for failure: what if they do get in?”

An organisation can have cyber-insurance to handle the costs of a breach, or most of the costs, but how are you going to reassure your customers and partners that you are back on track and it is business as usual? Perhaps a better question would be to ask if you can get back on track.


Chris Ogden.

Be ready for an emergency restart

What are you going to do about your data and systems? Do you know which data or systems should be considered your ‘treasures’ and should receive the ultimate protection? Do you have backup systems that actually restore data and will allow you to be up and running quickly? Do you know who has access to your data treasures? Does everyone with access need it?

As noted, with more people working from home now, it is even more important that they be educated about security and their role. Homes do not have the budget to install the same security that is in place at work and people therefore need to be even more vigilant and careful. A culture of security needs to be built and staff need to understand that their responsibilities do not stop because they are not in the office.

“A security mindset is actually a corporate asset given the risk environment today,” states Ogden. “Just as you budget for security technology and services, you need to budget for employee training and awareness campaigns, and it doesn’t hurt to screen new employees before hiring them.”

In the cybersecurity world, failure is an option. In fact, it is almost guaranteed that at some stage you will be hit. Ogden recommends that organisations not only plan their risk mitigation strategies using both technology and people, but also plan for the worst. “If the worst does happen, know what you need to do and make sure you can get back up and running – safely – as fast as possible.”




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...
Historic Collaboration cuts ATM Bombings by 30%
Online Intelligence Editor's Choice News & Events Security Services & Risk Management
Project Big-Bang, a collaborative industry-wide task team, has successfully reduced ATM bombings in South Africa by 30,7% during the predetermined measurement period of November, December and January 2024/5.

Read more...
World-first safe K9 training for drug detection
Technews Publishing SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
The need for integrated control room displays
Leaderware Editor's Choice Surveillance Training & Education
Display walls provide a coordinated perspective that facilitates the ongoing feel for situations, assists in the coordination of resources to deal with the situation, and facilitates follow up by response personnel.

Read more...
Cyber top business risk as climate change hits record high
Editor's Choice
Globally, companies identify cyberattacks, particularly data breaches, as their primary business concern for the coming year, with business interruption ranked second. In Africa and the Middle East, cyber incidents, shifts in legislation and regulation, and macroeconomic developments are the three foremost business risks.

Read more...
As technology converges, so does cybercrime
Editor's Choice
Cybercrime is no longer siloed: it involves complex collaborations and coordination between different malicious entities, including state actors, organised crime and even drug and human trafficking networks.

Read more...