Building a human firewall

August 2019 Cyber Security, Training & Education

Kaspersky research shows 970 557 phishing attacks detected in South Africa in Q1 2019 alone – an average of 10.783 per day – and 53 829 mobile malware attacks in the same period, an increase of 6% compared to Q1 2018. One has to ask how vulnerable companies are to these threats, and what role human error plays in businesses falling victim to such attacks in the growing cyber threat landscape.

Riaan Badenhorst, general manager of Kaspersky in Africa, answered some questions on the topic for Hi-Tech Security Solutions.

What are the growing cyber risks to SA businesses and the role of human error?

Badenhorst: As digital technologies continue to evolve and influence how businesses operate in the local environment, it has become critical for cybersecurity to be top of mind for business leaders. Some of the prevalent cyber risks that businesses face today include:

* Phishing attacks – phishing is one of the most popular weapons cybercriminals use to attack an organisation. These scams involve cybercriminals acting as legitimate companies or organisations to defraud users to obtain sensitive information.

* Malware threats – malware, or malicious software, is a type of computer program designed to infect a legitimate user's computer and inflict harm on it in multiple ways. Malware can infect computers and devices in several ways and comes in a number of forms, including viruses, worms, Trojans, spyware and more. Kaspersky detected 53 829 mobile malware attacks in South Africa in Q1 2019 – an increase of 6% compared to Q1 2018.

* Ransomware – ransomware continues to be an effective attack for cybercriminals. Last year, the share of victims affected by the top ransomware actors grew from 33% to 50%, where globally 27 000 SMBs were attacked by cryptors. Furthermore, throughout 2018, Kaspersky detected 39 842 malicious encryptor modifications. WannaCry continues to dominate the Top 10 list of the most widespread encryptor families of all time.

* Mobile related attacks [think Bring Your Own Device (BYOD)] – there is no question as to why the virtual office has become so prevalent in the business world. Considering today’s demanding business scenario where customers are always online and demands and competition are high – allowing staff to connect to the business network using the device of their choice makes turnaround time on work quicker and more comfortable. However, it also poses a risk.

People and the businesses they work for often think having high-end security systems in place is enough to mitigate cyber threats effectively. However, human error still plays a big role in the reality of cyberattacks on the business. In fact, research indicates that more than 80% of all cyber incidents are caused by human error – costing corporates millions to recover from staff-related incidents. The role of human error needs to be taken seriously and businesses need to start effectively mitigating this risk.

Technology investment is key to sustained business growth – how can businesses minimise the corporate risk of human error – what action is needed?

Badenhorst: The modern business looking to grow simply cannot shy away from investing in technology. The key to surviving the threat landscape is to acquire threat intelligence by preparing not only the business with the systems and tools for cyber risk mitigation, but also its people. For a business to reap the benefits of the digital world, it must do so with cybersecurity awareness and training for its employees in mind. Kaspersky believes that minimising the potential human error aspect of cybersecurity in a business requires the business to look at building a Human Firewall.

In a growing cyber threat landscape, such awareness extends beyond the basic training structures that most organisations have in place today. Rather, a business needs to consider a holistic training solution platform that looks at:

* Building strong cyber-hygiene skills through micro learning and reinforcement – this involves engaging employees in the education process around cybersecurity, with the aim to increase their personal cyber awareness. This training must be easy to digest, memorable and practical to the employee.

* Agile fit - enterprise-level scalability – a business must recognise that every employee will be at a different cyber awareness level and will be required to understand cyber security differently based on their role within the business. Therefore, cybersecurity training must be agile to meet the training needs of all employees and at any level, to ensure everyone can learn within their own parameters, so that the full business is armed and prepared accordingly.

To mitigate cyber risks effectively, businesses should look to seek training solutions that are practical and make it easier to ensure staff are armed with the very latest skills and knowledge.

The concept of a Human Firewall – what is this and how can a company achieve this?

Badenhorst: The concept of the Human Firewall looks at equipping employees/staff – through comprehensive security training – with the skills to operate in the digital roadmap of the organisation, while being threat intelligent enough to mitigate risks and minimise human error that has previously set many businesses back.

Put simply, building a Human Firewall requires security awareness and training solutions that are tailored to the unique organisation’s needs and the needs of its staff members. Building Human Firewalls means that businesses need to seek training programmes that offer not only knowledge, but – more importantly – change habits and form the new behaviour patterns to IT security practices that ensure risk mitigation.

