What’s your cyber game plan?

Issue 3 2025 Information Security

You do not have to be a big business to be targeted by cybercrime. In fact, medium-sized businesses are often the easiest to breach, because they are just digital enough to be vulnerable, but not mature enough to be fully protected.

If you are the CEO, MD or GM, you are the decision-maker in a crisis. You are the one clients expect answers from, the one your team looks to when systems are down, and the one the board or owners hold accountable for recovery. It is up to you to drive your cybersecurity plan, because it is not a technical problem; it is a strategic, financial and reputational risk that sits squarely on your shoulders.

Business continuity underpins your operational and strategic goals. That is why a cyber-game plan must be a key part of your business strategy, encompassing the people, processes and systems required to ensure resilience.


Warren-Bonheim.

There is a difference between thinking that IT has it ‘handled’ and knowing that it is. It is when your operations grind to a halt. Your customer data is gone. The phones are ringing. That is when the rubber hits the road.

If you are not asking what your cyberattack game plan is, you are the weakest link in your IT security chain. Cyber risk is now a business risk, and if you treat it as anything less, you are exposing your company to disaster.

Here are 6 questions you should be able to answer today:

• Do we have a cyber-incident response plan, and has leadership reviewed it?

• Do we know what to do in the first 30 minutes of an attack?

• Have we done a cyber-drill with our executive and comms team?

• Have we trained employees on basic cyber hygiene (passwords, phishing, MFA)?

• What is our stance on ransomware payments, and have we reviewed this with our legal advisor?

• Are our backups isolated, tested, and recoverable within hours?

• How do we demonstrate to clients and stakeholders that we take cyber risk seriously?

If you are unsure about any of the above, you cannot afford to wait any longer; you need to be better prepared. Here are five tips on being prepared:

1. Your main cyber ‘job’ is to provide strategic oversight, not know every technical detail. No one expects you to understand ransomware payloads or endpoint detection and response software. However, they do expect you to ask the right questions, and that often means challenging assumptions.

2. Make sure there is a written cyber incident response plan that has been tested in a mock scenario. It should cover who does what, when and how, outlining roles, responsibilities, timelines, key contacts and escalation steps. In a crisis, speed is everything, so make sure you are fully prepared.

3. Cybersecurity is not a once-off audit, it is an ongoing process, and someone needs to own it. You must assign responsibility internally or through a trusted MSSP (managed security service provider). Also, make sure you schedule quarterly security reviews to get updates on risks, incidents, emerging threats, compliance, and recovery readiness.

4. It is also up to you to drive a culture of awareness. After all, cyber resilience starts with people. Ensure that your employees are trained and know how to spot phishing attempts, use strong passwords, enable MFA (multi-factor authentication), and report suspicious activity quickly.

5. Review your backup and recovery strategy. It is all very well to know that backups are in place, however, have they been tested regularly? Can you be 100% certain that core system data can be recovered quickly and that they are not corrupted? Do not assume it is handled; ask for a demo or walk-through.

While cybersecurity is often approached as a compliance checkbox or technical upgrade, the truth is that cyber resilience starts with you – the leader. The threat is real, but so is your power to be ready. Ask the tough questions, be proactive, and lead your business from risk to resilience.

For more information go to www.zinia.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...
MDR: What you’re really paying for
Information Security
When businesses invest in managed detection and response (MDR), they’re buying more than a product, they’re securing access to an entire ecosystem of human expertise, global threat intelligence, and 24x7 incident response.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.