Building a Human Firewall

August 2019 Cyber Security, Training & Education

With Kaspersky research showing 970 557 phishing attacks detected in South Africa in Q1 2019 alone – an average of 10.783 per day – and 53 829 mobile malware attacks in the same period – an increase of 6% compared to Q1 2018 – one has to ask how vulnerable companies are to these threats and what role does human error play in businesses becoming victim to such attacks in the growing cyber threat landscape?

Riaan Badenhorst, general manager of Kaspersky in Africa answered some questions on the topic for Hi-Tech Security Solutions.

What are the growing cyber risks to SA businesses and the role of human error?

Badenhorst: As digital technologies continue to evolve and influence how businesses operate in the local environment, it has become critical for cybersecurity to be top of mind for business leaders. Some of the prevalent cyber risks that businesses face today include:

* Phishing attacks – phishing is one of the most popular weapons cybercriminals use to attack an organisation. These scams involve cybercriminals acting as legitimate companies or organisations to defraud users to obtain sensitive information.

* Malware threats – malware, or malicious software, is a type of computer program designed to infect a legitimate user's computer and inflict harm on it in multiple ways. Malware can infect computers and devices in several ways and comes in a number of forms, including viruses, worms, Trojans, spyware and more. Kaspersky detected 53 829 mobile malware attacks in South Africa in Q1 2019 - an increase of 6% compared to Q1 2018.

* Ransomware - ransomware continues to be an effective attack for cybercriminals. Last year, the share of victims affected by the top ransomware actors grew from 33% to 50%, where globally 27 000 SMBs were attacked by cryptors. Furthermore, throughout 2018, Kaspersky detected 39 842 malicious encryptor modifications. WannaCry continues to dominate the Top 10 list of the most widespread encryptor families of all time.

* Mobile related attacks [think Bring Your Own Device (BYOD)] – there is no question as to why the virtual office has become so prevalent in the business world. Considering today’s demanding business scenario where customers are always online and demands and competition are high – allowing staff to connect to the business network using the device of their choice makes turnaround time on work quicker and more comfortable. However, it also poses a risk.

People and the businesses they work for often think having high-end security systems in place is enough to mitigate cyber threats effectively. However, human error still plays a big role into the reality of cyberattacks to the business. In fact, research indicates that more than 80% of all cyber incidents are caused by human error – costing corporates millions to recover from staff-related incidents. The role of human error needs to be taken seriously and businesses need to start effectively mitigating this risk.

Technology investment is key to sustained business growth – how can businesses minimise the corporate risk of human error – what action is needed?

Badenhorst: The modern business looking to grow, simply cannot shy away from investing in technology. The key to surviving the threat landscape is to acquire threat intelligence by preparing not only the business with the systems and tools for cyber risk mitigation, but also its people. For a business to reap the benefits of the digital world, it must do so with cybersecurity awareness and training for its employees in mind. Kaspersky believe that minimising the potential human error aspect of cybersecurity in a business requires the business to look at building a Human Firewall.

In a growing cyber threat landscape, such awareness extends beyond the basic training structures that most organisations have in place today. Rather, a business needs to consider a holistic training solution platform that looks at:

* Building strong cyber-hygiene skills through micro learning and reinforcement – this involves engaging employees in the education process around cybersecurity, with the aim to increase their personal cyber awareness. This training must be easy to digest, memorable and practical to the employee.

* Agile fit - enterprise-level scalability – a business must recognise that every employee will be at a different cyber awareness level and will be required to understand cyber security differently based on their role within the business. Therefore, cybersecurity training must be agile to meet the training needs of all employees and at any level, to ensure everyone can learn within their own parameters, so that the full business is armed and prepared accordingly.

To mitigate cyber risks effectively, businesses should look to seek training solutions that are practical and make it easier to ensure staff are armed with the very latest skills and knowledge.

The concept of a Human Firewall – what is this and how can a company achieve this?

Badenhorst: The concept of the Human Firewall looks at equipping employees/staff – through comprehensive security training – with the skills to operate in the digital roadmap of the organisation, while being threat intelligent enough to mitigate risks and minimise human error that has previously set many businesses back.

Put simply, building a Human Firewall requires security awareness and training solutions that are tailored to the unique organisation’s needs and the needs of its staff members. Building Human Firewalls means that businesses need to seek training programmes that offer not only knowledge, but – more importantly – change habits and form the new behaviour patterns to IT security practices that ensure risk mitigation.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Patient critical – healthcare’s cybersecurity pulse
August 2019, Wolfpack Information Risk , News, Cyber Security, Healthcare (Industry)
The healthcare industry has become one of the leading cybersecurity attack vectors worldwide for several reasons.

Milestone partners prove their skills
August 2019, Milestone Systems , News, CCTV, Surveillance & Remote Monitoring, Training & Education
Within the span of one week in mid-May, the Milestone Learning & Performance group celebrated important benchmarks: 200 000 course registrations and tutorial views, and 10 000 certifications.

Inundated with cyberattacks from all directions
August 2019 , Editor's Choice, Cyber Security, Security Services & Risk Management
IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up-to-date technology.

Under cyberattack
August 2019, Kaspersky Lab , Cyber Security, Residential Estate (Industry)
Cybersecurity is not something one usually associates with residential estates, but the threats from cybercriminals apply equally to estates as they do to businesses and the individual homeowner.

Cyber tools and solutions
August 2019, Technews Publishing , Editor's Choice, Cyber Security, IT infrastructure, Residential Estate (Industry)
Hi-Tech Security Solutions looks at the various options we have when it comes to protecting yourself from the ever-growing scourge of cybercrime?

Understanding the data protection requirements and how to comply for POPI or GDPR
July 2019 , Cyber Security, Security Services & Risk Management
For many companies that must comply with these legislations, the best way to prepare is to implement a solid data protection strategy that guards against loss of data.

Going safely into the brave new world of 4IR
July 2019 , Industrial (Industry), Cyber Security
Put cybersecurity at the heart of industrial digitisation on the journey to 4IR.

It’s not wise to go SIEMless
August 2019 , Cyber Security, Security Services & Risk Management
As with every other aspect of security today, information security, while the popular child in a dysfunctional family, is no longer enough.

A one-size-fits-all approach won’t secure the IoT
August 2019 , News, Cyber Security
Securing the Internet of Things (IoT) is something which cannot be done with a one-size-fits-all approach, and every kind of connected object must be assessed individually.

Cloud advantage or cost?
August 2019 , Cyber Security, IT infrastructure
No matter how you look at it, security in the cloud is as important as security in traditional data centres.