Mastering security awareness in the digital era

Issue 6 2023 Security Services & Risk Management, Training & Education


Simeon Tassev.

Cybersecurity threats are becoming increasingly sophisticated and targeted in today's digital landscape. While organisations invest in advanced anti-malware and threat detection software, they often overlook a critical variable in their security posture: people.

Human error and lack of security awareness remain the number one security threat. Companies must consider the importance of managing employee cyber risk and the significance of training and awareness programmes. Furthermore, organisations need to be cognisant of the ever-evolving nature of human-targeted attacks, the impact of human error on security, best practices for staying security savvy, the components of a strong human risk management programme, and the steps to building a security-first culture.

The evolution of human-targeted attacks

Human-targeted attacks are expected to evolve not only in terms of execution but also in their level of specificity and believability. Threat actors are employing targeted approaches to infiltrate organisations and extract sensitive information. Previously, attacks were generic and employed basic templates. However, today's attackers are increasingly sophisticated, using personalised techniques such as company email attacks. Attackers will continue refining their methods to obtain critical information, thus demanding heightened vigilance from organisations.

Human error poses a significant security risk to organisations, possibly undermining even the most robust security strategies and systems. It is, therefore, crucial to identify critical areas within an organisation and assess the potential risk of human error in those areas. For example, a seemingly minor mistake, such as a call centre agent providing extra information to a caller, can inadvertently aid a perpetrator in launching a company email attack.

Understanding the dynamics of the threat landscape and the potential risks involved allows businesses to prioritise critical areas and implement appropriate training and security measures.

Best practices for employees to stay security savvy

Building a culture of security awareness is crucial for keeping staff security savvy. This can be achieved through various campaigns, tools, and techniques. Regular communication about cyber threats, reminders, screensavers, and posters can help raise awareness and make security second nature. It is essential to continuously educate employees about new techniques and potential threats to ensure they remain up-to-date and vigilant.

Furthermore, a robust human risk management programme combines various tools, policies, procedures, and controls to heighten security measures. While no method is full-proof against human error, it is crucial to understand and prioritise the imminent risks at hand. Risk management allows organisations to identify acceptable risks and focus on mitigating unacceptable risks. Training platforms and risk profiling can help tailor training, additional controls, and policies to specific areas of the business, and success in human risk management requires ongoing assessment and adjustment, acknowledging that unexpected threats can emerge.

Building a security-first culture

Building a security-first culture starts with top-down leadership. Management must understand the importance of security and ensure the implementation and enforcement of relevant policies and procedures. Enforcement helps prevent security breaches and fosters a culture where employees understand the reasoning behind security measures. Scenario-based learning, where employees are exposed to various cyber threat situations, can help them comprehend the relevance of security strategies in their specific roles and environments. In an effort to stay ahead of evolving threats, organisations must maintain a proactive approach to cybersecurity.

In the ever-evolving cyber landscape, organisations must recognise that people play a crucial role in security. Human-targeted attacks continue to evolve, demanding greater vigilance and targeted training efforts. Human error remains the number one security threat, emphasising the need for robust risk management programs and comprehensive security training. Building a security-first culture requires top-down leadership, effective communication, and ongoing education to proactively empower employees to identify and mitigate security risks.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Identity recovery matters most
Security Services & Risk Management
As cyberattacks grow more targeted, more destructive, and increasingly aimed at the very fabric of trust within the enterprise, the ability to restore identities has become just as critical as restoring data.

Read more...
ISO 27701 helps demonstrate privacy compliance beyond POPIA
Security Services & Risk Management
ISO 27701 include privacy-specific controls and provides a structured way to manage Personally Identifiable Information (PII) throughout its lifecycle, giving organisations a way to demonstrate how privacy is managed.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
The risk at the edge of South Africa’s agriculture supply chain
Security Services & Risk Management Agriculture (Industry) Logistics (Industry)
Research from ESET has found that a significant number of South African agritech operators and farmers continue to believe their companies are not attractive targets for cybercriminals. Unfortunately, that belief is precisely what makes them one.

Read more...
Free POPIA Action List for gated access
ATG Digital News & Events Residential Estate (Industry) Training & Education Commercial (Industry)
ATG Digital, in partnership with CIVITAS, released the POPIA Responsible Party Action List. It is a free, practical guide for HOAs, body corporates, managing agents, landlords, employers and institutions. It helps them move from assuming compliance with the Protection of Personal Information Act (POPIA) to proving it.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
Break the silence on fraud
Security Services & Risk Management
We are entering a new era of fraud, one defined by groups that operate across borders, using advanced digital tools and impersonation tactics to deceive victims and wear down communities' trust and financial security.

Read more...
Africa’s white-collar crime landscape
Security Services & Risk Management
White-collar crime in Africa is no longer a predominantly domestic concern; it has expanded onto the international stage, and so too has the corporate exposure that accompanies it.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.