Building a human firewall

1 August 2019 Cyber Security, Training & Education

With Kaspersky research showing 970 557 phishing attacks detected in South Africa in Q1 2019 alone – an average of 10.783 per day – and 53 829 mobile malware attacks in the same period – an increase of 6% compared to Q1 2018 – one has to ask how vulnerable companies are to these threats and what role does human error play in businesses becoming victim to such attacks in the growing cyber threat landscape?

Riaan Badenhorst, general manager of Kaspersky in Africa answered some questions on the topic for Hi-Tech Security Solutions.

What are the growing cyber risks to SA businesses and the role of human error?

Badenhorst: As digital technologies continue to evolve and influence how businesses operate in the local environment, it has become critical for cybersecurity to be top of mind for business leaders. Some of the prevalent cyber risks that businesses face today include:

* Phishing attacks – phishing is one of the most popular weapons cybercriminals use to attack an organisation. These scams involve cybercriminals acting as legitimate companies or organisations to defraud users to obtain sensitive information.

* Malware threats – malware, or malicious software, is a type of computer program designed to infect a legitimate user's computer and inflict harm on it in multiple ways. Malware can infect computers and devices in several ways and comes in a number of forms, including viruses, worms, Trojans, spyware and more. Kaspersky detected 53 829 mobile malware attacks in South Africa in Q1 2019 - an increase of 6% compared to Q1 2018.

* Ransomware - ransomware continues to be an effective attack for cybercriminals. Last year, the share of victims affected by the top ransomware actors grew from 33% to 50%, where globally 27 000 SMBs were attacked by cryptors. Furthermore, throughout 2018, Kaspersky detected 39 842 malicious encryptor modifications. WannaCry continues to dominate the Top 10 list of the most widespread encryptor families of all time.

* Mobile related attacks [think Bring Your Own Device (BYOD)] – there is no question as to why the virtual office has become so prevalent in the business world. Considering today’s demanding business scenario where customers are always online and demands and competition are high – allowing staff to connect to the business network using the device of their choice makes turnaround time on work quicker and more comfortable. However, it also poses a risk.

People and the businesses they work for often think having high-end security systems in place is enough to mitigate cyber threats effectively. However, human error still plays a big role into the reality of cyberattacks to the business. In fact, research indicates that more than 80% of all cyber incidents are caused by human error – costing corporates millions to recover from staff-related incidents. The role of human error needs to be taken seriously and businesses need to start effectively mitigating this risk.

Technology investment is key to sustained business growth – how can businesses minimise the corporate risk of human error – what action is needed?

Badenhorst: The modern business looking to grow, simply cannot shy away from investing in technology. The key to surviving the threat landscape is to acquire threat intelligence by preparing not only the business with the systems and tools for cyber risk mitigation, but also its people. For a business to reap the benefits of the digital world, it must do so with cybersecurity awareness and training for its employees in mind. Kaspersky believe that minimising the potential human error aspect of cybersecurity in a business requires the business to look at building a Human Firewall.

In a growing cyber threat landscape, such awareness extends beyond the basic training structures that most organisations have in place today. Rather, a business needs to consider a holistic training solution platform that looks at:

* Building strong cyber-hygiene skills through micro learning and reinforcement – this involves engaging employees in the education process around cybersecurity, with the aim to increase their personal cyber awareness. This training must be easy to digest, memorable and practical to the employee.

* Agile fit - enterprise-level scalability – a business must recognise that every employee will be at a different cyber awareness level and will be required to understand cyber security differently based on their role within the business. Therefore, cybersecurity training must be agile to meet the training needs of all employees and at any level, to ensure everyone can learn within their own parameters, so that the full business is armed and prepared accordingly.

To mitigate cyber risks effectively, businesses should look to seek training solutions that are practical and make it easier to ensure staff are armed with the very latest skills and knowledge.

The concept of a Human Firewall – what is this and how can a company achieve this?

Badenhorst: The concept of the Human Firewall looks at equipping employees/staff – through comprehensive security training – with the skills to operate in the digital roadmap of the organisation, while being threat intelligent enough to mitigate risks and minimise human error that has previously set many businesses back.

Put simply, building a Human Firewall requires security awareness and training solutions that are tailored to the unique organisation’s needs and the needs of its staff members. Building Human Firewalls means that businesses need to seek training programmes that offer not only knowledge, but – more importantly – change habits and form the new behaviour patterns to IT security practices that ensure risk mitigation.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Trying to catch the big phish
J2 Software Cyber Security
Rather than focus on techniques, John Mc Loughlin, CEO of J2 discusses how phishing applications have changed to match new security standards.

Corporations protected, but not secure
News Cyber Security Security Services & Risk Management
Nearly three quarters of South Africa’s top 100 corporates are investing more in cybersecurity than the industry average, but an almost equal proportion don’t feel fully protected by their current cybersecurity strategy.

People and processes for banking security
Vox Cyber Security Security Services & Risk Management
South Africa is the third most-targeted country worldwide when it comes to cybercrime and it is no different with the local banking sector, which needs to ensure its systems and people are ready.

Dashboard for streamlined ransomware recovery
Cyber Security
The new CyberSense interface provides intuitive post-attack forensic reports that provide powerful insight into data corruption due to a ransomware attack, facilitating ransomware recovery.

You have a ‘super malicious insider’
J2 Software Cyber Security
There’s a super malicious insider who is technically proficient and often acutely aware of an organisation’s technical limitations in proactively detecting insider threats.

Secret monthly fee
Kaspersky Cyber Security
Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various mobile apps, including popular games, healthcare apps and photo editors.

Keep cloud-based security simple
Cyber Security
SA businesses have more mobile workforces now, which means a greater need for cloud security that follows data and users wherever they are amidst increase in cyberattacks.

How crypto cons work and how to protect yourself
Cyber Security
The digital gold rush is here. As more people attempt to make money from cryptocurrencies, criminals and con artists aren’t far behind, says Carey van Vlaanderen, CEO of ESET South Africa.

Ongoing cybersecurity with a click
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Maintain your cybersecurity posture with web services from Pretect designed to keep your IT infrastructure optimally protected 24 x 7.

Why companies do CCTV control room surveillance training
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring Training & Education
When it comes to getting resources for untapping the potential of people to realise their competencies and unlock the capacities of the systems they use, security personnel are often poor neighbours to other organisational departments.