Building a human firewall

1 August 2019 Cyber Security, Training & Education

With Kaspersky research showing 970 557 phishing attacks detected in South Africa in Q1 2019 alone – an average of 10.783 per day – and 53 829 mobile malware attacks in the same period – an increase of 6% compared to Q1 2018 – one has to ask how vulnerable companies are to these threats and what role does human error play in businesses becoming victim to such attacks in the growing cyber threat landscape?

Riaan Badenhorst, general manager of Kaspersky in Africa answered some questions on the topic for Hi-Tech Security Solutions.

What are the growing cyber risks to SA businesses and the role of human error?

Badenhorst: As digital technologies continue to evolve and influence how businesses operate in the local environment, it has become critical for cybersecurity to be top of mind for business leaders. Some of the prevalent cyber risks that businesses face today include:

* Phishing attacks – phishing is one of the most popular weapons cybercriminals use to attack an organisation. These scams involve cybercriminals acting as legitimate companies or organisations to defraud users to obtain sensitive information.

* Malware threats – malware, or malicious software, is a type of computer program designed to infect a legitimate user's computer and inflict harm on it in multiple ways. Malware can infect computers and devices in several ways and comes in a number of forms, including viruses, worms, Trojans, spyware and more. Kaspersky detected 53 829 mobile malware attacks in South Africa in Q1 2019 - an increase of 6% compared to Q1 2018.

* Ransomware - ransomware continues to be an effective attack for cybercriminals. Last year, the share of victims affected by the top ransomware actors grew from 33% to 50%, where globally 27 000 SMBs were attacked by cryptors. Furthermore, throughout 2018, Kaspersky detected 39 842 malicious encryptor modifications. WannaCry continues to dominate the Top 10 list of the most widespread encryptor families of all time.

* Mobile related attacks [think Bring Your Own Device (BYOD)] – there is no question as to why the virtual office has become so prevalent in the business world. Considering today’s demanding business scenario where customers are always online and demands and competition are high – allowing staff to connect to the business network using the device of their choice makes turnaround time on work quicker and more comfortable. However, it also poses a risk.

People and the businesses they work for often think having high-end security systems in place is enough to mitigate cyber threats effectively. However, human error still plays a big role into the reality of cyberattacks to the business. In fact, research indicates that more than 80% of all cyber incidents are caused by human error – costing corporates millions to recover from staff-related incidents. The role of human error needs to be taken seriously and businesses need to start effectively mitigating this risk.

Technology investment is key to sustained business growth – how can businesses minimise the corporate risk of human error – what action is needed?

Badenhorst: The modern business looking to grow, simply cannot shy away from investing in technology. The key to surviving the threat landscape is to acquire threat intelligence by preparing not only the business with the systems and tools for cyber risk mitigation, but also its people. For a business to reap the benefits of the digital world, it must do so with cybersecurity awareness and training for its employees in mind. Kaspersky believe that minimising the potential human error aspect of cybersecurity in a business requires the business to look at building a Human Firewall.

In a growing cyber threat landscape, such awareness extends beyond the basic training structures that most organisations have in place today. Rather, a business needs to consider a holistic training solution platform that looks at:

* Building strong cyber-hygiene skills through micro learning and reinforcement – this involves engaging employees in the education process around cybersecurity, with the aim to increase their personal cyber awareness. This training must be easy to digest, memorable and practical to the employee.

* Agile fit - enterprise-level scalability – a business must recognise that every employee will be at a different cyber awareness level and will be required to understand cyber security differently based on their role within the business. Therefore, cybersecurity training must be agile to meet the training needs of all employees and at any level, to ensure everyone can learn within their own parameters, so that the full business is armed and prepared accordingly.

To mitigate cyber risks effectively, businesses should look to seek training solutions that are practical and make it easier to ensure staff are armed with the very latest skills and knowledge.

The concept of a Human Firewall – what is this and how can a company achieve this?

Badenhorst: The concept of the Human Firewall looks at equipping employees/staff – through comprehensive security training – with the skills to operate in the digital roadmap of the organisation, while being threat intelligent enough to mitigate risks and minimise human error that has previously set many businesses back.

Put simply, building a Human Firewall requires security awareness and training solutions that are tailored to the unique organisation’s needs and the needs of its staff members. Building Human Firewalls means that businesses need to seek training programmes that offer not only knowledge, but – more importantly – change habits and form the new behaviour patterns to IT security practices that ensure risk mitigation.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber Talent: It is more about Talent than Cyber
Issue 7 2020 , Cyber Security
Four million trained workers are needed to fully bridge the skills gap in the cybersecurity field around the world and properly defend organisations against threat actors.

Increased cloud visibility and security
Issue 7 2020 , Cyber Security
Sophos adds cloud visibility features from Cloud Optix to Intercept X Advanced for Server with EDR.

Ransomware and customer loyalty
Issue 7 2020 , Cyber Security
Arcserve research uncovers links between ransomware, consumer purchasing behaviour and brand loyalty.

IoT will transform industrial security
Issue 7 2020, Kaspersky , Cyber Security
55% of organisations globally are confident the Internet of Things will change the state of security in industrial control systems (ICS).

BYOD: bring your own danger
Issue 7 2020 , Cyber Security
Five cybersecurity threats that jeopardise the security of mobile devices and the keys to optimising their protection in a connected world.

The arms race of AI in cybersecurity
CCTV Handbook 2020, Axis Communications SA , Cyber Security
Cybersecurity goes further than network video and audio, but these are as likely to be targeted as much as any network-connected device.

Exploiting the global pandemic
Issue 7 2020 , Cyber Security
Cyber criminals targeting remote work to gain access to enterprise networks and critical data reports FortiGuard Labs.

Integrated security is key to Huawei Mobile Services
Issue 7 2020 , Cyber Security
To ensure sufficient mobile device security, the technology giant incorporates security into its chip, device and cloud capabilities.

Cybersecurity becomes key enabler of sustainable business growth
Issue 7 2020 , Cyber Security
The adoption of rushed digital transformation strategies has left many facing unintended complexities and challenges.

Africa under cyber-attack
Issue 7 2020, Kaspersky , Cyber Security
Kaspersky has reported that South Africa, Kenya and Nigeria saw millions of cyber-attacks in 2020 and the year is not over yet.