Mastering security awareness in the digital era

Issue 6 2023 Risk Management & Resilience, Training & Education

Simeon Tassev.

Cybersecurity threats are becoming increasingly sophisticated and targeted in today's digital landscape. While organisations invest in advanced anti-malware and threat detection software, they often overlook a critical variable in their security posture: people.

Human error and lack of security awareness remain the number one security threat. Companies must consider the importance of managing employee cyber risk and the significance of training and awareness programmes. Furthermore, organisations need to be cognisant of the ever-evolving nature of human-targeted attacks, the impact of human error on security, best practices for staying security savvy, the components of a strong human risk management programme, and the steps to building a security-first culture.

The evolution of human-targeted attacks

Human-targeted attacks are expected to evolve not only in terms of execution but also in their level of specificity and believability. Threat actors are employing targeted approaches to infiltrate organisations and extract sensitive information. Previously, attacks were generic and employed basic templates. However, today's attackers are increasingly sophisticated, using personalised techniques such as company email attacks. Attackers will continue refining their methods to obtain critical information, thus demanding heightened vigilance from organisations.

Human error poses a significant security risk to organisations, possibly undermining even the most robust security strategies and systems. It is, therefore, crucial to identify critical areas within an organisation and assess the potential risk of human error in those areas. For example, a seemingly minor mistake, such as a call centre agent providing extra information to a caller, can inadvertently aid a perpetrator in launching a company email attack.

Understanding the dynamics of the threat landscape and the potential risks involved allows businesses to prioritise critical areas and implement appropriate training and security measures.

Best practices for employees to stay security savvy

Building a culture of security awareness is crucial for keeping staff security savvy. This can be achieved through various campaigns, tools, and techniques. Regular communication about cyber threats, reminders, screensavers, and posters can help raise awareness and make security second nature. It is essential to continuously educate employees about new techniques and potential threats to ensure they remain up-to-date and vigilant.

Furthermore, a robust human risk management programme combines various tools, policies, procedures, and controls to heighten security measures. While no method is full-proof against human error, it is crucial to understand and prioritise the imminent risks at hand. Risk management allows organisations to identify acceptable risks and focus on mitigating unacceptable risks. Training platforms and risk profiling can help tailor training, additional controls, and policies to specific areas of the business, and success in human risk management requires ongoing assessment and adjustment, acknowledging that unexpected threats can emerge.

Building a security-first culture

Building a security-first culture starts with top-down leadership. Management must understand the importance of security and ensure the implementation and enforcement of relevant policies and procedures. Enforcement helps prevent security breaches and fosters a culture where employees understand the reasoning behind security measures. Scenario-based learning, where employees are exposed to various cyber threat situations, can help them comprehend the relevance of security strategies in their specific roles and environments. In an effort to stay ahead of evolving threats, organisations must maintain a proactive approach to cybersecurity.

In the ever-evolving cyber landscape, organisations must recognise that people play a crucial role in security. Human-targeted attacks continue to evolve, demanding greater vigilance and targeted training efforts. Human error remains the number one security threat, emphasising the need for robust risk management programs and comprehensive security training. Building a security-first culture requires top-down leadership, effective communication, and ongoing education to proactively empower employees to identify and mitigate security risks.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The human factor side of video management systems
Leaderware Editor's Choice Surveillance Risk Management & Resilience
A video management system (VMS) is central to, and the most vital element to any control room operation using CCTV as part of its service delivery, however, all too often, it is seen as a technical solution rather than an operational solution.

Get the basics right to win more business
ServCraft Editor's Choice Risk Management & Resilience
The barriers to entry in security are not high. More people are adding CCTV and fencing to their repertoire every year. Cowboys will not last long in a space where customers trust you with their safety.

South Africa shows a 1200% increase in deepfake fraud
News & Events Risk Management & Resilience
Sumsub released its third annual Identity Fraud Report of the year, analysing identity fraud across industries and regions based on millions of verification checks across 28 industries and over 2 million fraud cases.

Protecting organisations against fraud losses caused by ghost employees
Risk Management & Resilience
Several key South African organisations are potentially incurring significant losses due to 'ghosts’; ghost employees who exist on paper within business or government departments, but not in real life.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

The illusion of good intentions
Risk Management & Resilience
The psychology of cyber criminals continues to be an intriguing aspect of discussions surrounding cybercrime. What cybercriminals do, particularly with ransomware, is neutralising perceptions of what they are doing by using business terminology.

Rapid rise in DNS attacks drives demand for new approach
Infrastructure Risk Management & Resilience
As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

South Africans play a role in becoming scam victims
Editor's Choice Risk Management & Resilience
The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams, in an environment where it is becoming increasingly difficult for lawmakers and authorities to bring these criminals to justice.

Cyber threat anticipation
NEC XON Information Security Risk Management & Resilience
The ever-increasing number of sophisticated attacks on the horizon means organisations must evolve and adapt their cybersecurity strategies to protect their data, systems, and reputation.

Service orientation and attention to detail
Technews Publishing Editor's Choice Risk Management & Resilience
Lianne Mc Hendry evolved from working for an accounting firm to an accomplished all-rounder familiar with the manufacturing, distribution, and system integration aspects of the security industry value chain.