Security investments and culture

Issue 7 2020 Editor's Choice

Events of late have once again highlighted the importance of cybersecurity for companies large and small. The critical nature of technology in the fight against cyber threats can’t be underestimated and those relying on old technology or simply the most basic defences are looking for trouble.

How many small businesses can afford a ransomware demand of $5000 or more? How many large corporations have to suddenly spend millions in ransomware extortion costs or updating their cyber technology after an attack, not to mention the soft expenses like PR and appeasing your customers and partners? Garmin is said to have paid a $10 million ransom to get back access to its data, but how much more will it take to restore its reputation?

In South Africa, not defending adequately against cyber-attacks and losing personal data will soon also land you in trouble with the Protection of Personal Information Act, which will have its own consequences. And a failure in one’s defences does not always mean not enough technology is in place, it can also be bad decisions by staff.

An often ignored part of a cyber-attack of any kind is the role people play, most often accidentally, allowing malware in. Chris Ogden, CEO of RubiBlue says that while cyber-attacks are a fact of life, many companies and individuals have not reached the point where effective defences are also a fact of life, especially when it comes to employees.

“When it comes to security, any type of security, one always has to start with the individual,” he explains. Everybody must understand their role in securing the organisation and the consequences of not doing it. If someone has access to sensitive information and runs a malware script by clicking on an attachment or plugging in a USB drive they found, they are a single point of failure in the organisation’s security posture. And with people working from home, security awareness may be relaxed, which is yet another risk to organisations.

Ogden adds that many people, at all levels, still haven’t grasped how dangerous it is to simply share information with others – like passwords or confidential information. Convenience often wins out over common sense, even after people have been trained. The solution is for each person to take ownership of their security responsibilities and they must be taught the consequences of failure. Especially in smaller companies, for example, failure can result in the business closing.

Plan for the worst

There are enormous profits to be made from cybercrime today, and very little can be done to stop the criminals. Laws against hacking and such do little to assist companies as most cybercriminals operate from foreign countries, and even local ones know how to hide their identities. The capabilities of law enforcement in this regard are also lacking.

Ogden says it is therefore imperative that organisations plan for the worst. “Having planned your defences, through both technical solutions and human training, you also need to plan for failure: what if they do get in?”

An organisation can have cyber-insurance to handle the costs of a breach, or most of the costs, but how are you going to reassure your customers and partners that you are back on track and it is business as usual? Perhaps a better question would be to ask if you can get back on track.


Chris Ogden.

Be ready for an emergency restart

What are you going to do about your data and systems? Do you know which data or systems should be considered your ‘treasures’ and should receive the ultimate protection? Do you have backup systems that actually restore data and will allow you to be up and running quickly? Do you know who has access to your data treasures? Does everyone with access need it?

As noted, with more people working from home now, it is even more important that they be educated about security and their role. Homes do not have the budget to install the same security that is in place at work and people therefore need to be even more vigilant and careful. A culture of security needs to be built and staff need to understand that their responsibilities do not stop because they are not in the office.

“A security mindset is actually a corporate asset given the risk environment today,” states Ogden. “Just as you budget for security technology and services, you need to budget for employee training and awareness campaigns, and it doesn’t hurt to screen new employees before hiring them.”

In the cybersecurity world, failure is an option. In fact, it is almost guaranteed that at some stage you will be hit. Ogden recommends that organisations not only plan their risk mitigation strategies using both technology and people, but also plan for the worst. “If the worst does happen, know what you need to do and make sure you can get back up and running – safely – as fast as possible.”




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Read more...
AI-driven identity verification for access control
C3 Shared Services Editor's Choice
Facial authentication solutions combine advanced AI and 3D sensing technologies with ease of use to create a frictionless, touchless experience. The deployment of this technology in an access control system keeps users and administration moving.

Read more...
Access and identity in 2024
Technews Publishing Gallagher HID Global IDEMIA Ideco Biometrics Enkulu Technologies neaMetrics Editor's Choice Access Control & Identity Management Integrated Solutions
SMART Security Solutions hosted a round table discussion with various players in the access and identity market, to find out what they experienced in the last year, as well as their expectations for 2024.

Read more...
The promise of mobile credentials
Technews Publishing Suprema neaMetrics HID Global Editor's Choice Access Control & Identity Management IoT & Automation
SMART Security Solutions examines the advantages and disadvantages of mobile credentials in a market dominated by cards and fobs, in which biometrics is viewed as a secure alternative.

Read more...
PQC, AI & sustainability: five cybersecurity trends for 2024
Editor's Choice
In this article, Nils Gerhardt looks at some of the most important developments that Utimaco experts see coming in 2024, both in technology and the wider world it intersects with.

Read more...
Protecting your business in the digital economy
Editor's Choice
Conducting business in the digital age has never been more challenging. In the Zero Trust cyber security model, nothing is more important than proactively safeguarding enterprise data.

Read more...
The human factor side of video management systems
Leaderware Editor's Choice Surveillance Risk Management & Resilience
A video management system (VMS) is central to, and the most vital element to any control room operation using CCTV as part of its service delivery, however, all too often, it is seen as a technical solution rather than an operational solution.

Read more...
Get the basics right to win more business
ServCraft Editor's Choice Risk Management & Resilience
The barriers to entry in security are not high. More people are adding CCTV and fencing to their repertoire every year. Cowboys will not last long in a space where customers trust you with their safety.

Read more...
All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Read more...
Global strength, local craft
Impro Technologies Editor's Choice
Impro Technologies is a resounding success story. Started in South Africa, the company remains true to its roots and still designs and manufactures its access control systems and solutions in the country.

Read more...