Security investments and culture

Issue 7 2020 Editor's Choice

Events of late have once again highlighted the importance of cybersecurity for companies large and small. The critical nature of technology in the fight against cyber threats can’t be underestimated and those relying on old technology or simply the most basic defences are looking for trouble.

How many small businesses can afford a ransomware demand of $5000 or more? How many large corporations have to suddenly spend millions in ransomware extortion costs or updating their cyber technology after an attack, not to mention the soft expenses like PR and appeasing your customers and partners? Garmin is said to have paid a $10 million ransom to get back access to its data, but how much more will it take to restore its reputation?

In South Africa, not defending adequately against cyber-attacks and losing personal data will soon also land you in trouble with the Protection of Personal Information Act, which will have its own consequences. And a failure in one’s defences does not always mean not enough technology is in place, it can also be bad decisions by staff.

An often ignored part of a cyber-attack of any kind is the role people play, most often accidentally, allowing malware in. Chris Ogden, CEO of RubiBlue says that while cyber-attacks are a fact of life, many companies and individuals have not reached the point where effective defences are also a fact of life, especially when it comes to employees.

“When it comes to security, any type of security, one always has to start with the individual,” he explains. Everybody must understand their role in securing the organisation and the consequences of not doing it. If someone has access to sensitive information and runs a malware script by clicking on an attachment or plugging in a USB drive they found, they are a single point of failure in the organisation’s security posture. And with people working from home, security awareness may be relaxed, which is yet another risk to organisations.

Ogden adds that many people, at all levels, still haven’t grasped how dangerous it is to simply share information with others – like passwords or confidential information. Convenience often wins out over common sense, even after people have been trained. The solution is for each person to take ownership of their security responsibilities and they must be taught the consequences of failure. Especially in smaller companies, for example, failure can result in the business closing.

Plan for the worst

There are enormous profits to be made from cybercrime today, and very little can be done to stop the criminals. Laws against hacking and such do little to assist companies as most cybercriminals operate from foreign countries, and even local ones know how to hide their identities. The capabilities of law enforcement in this regard are also lacking.

Ogden says it is therefore imperative that organisations plan for the worst. “Having planned your defences, through both technical solutions and human training, you also need to plan for failure: what if they do get in?”

An organisation can have cyber-insurance to handle the costs of a breach, or most of the costs, but how are you going to reassure your customers and partners that you are back on track and it is business as usual? Perhaps a better question would be to ask if you can get back on track.


Chris Ogden.

Be ready for an emergency restart

What are you going to do about your data and systems? Do you know which data or systems should be considered your ‘treasures’ and should receive the ultimate protection? Do you have backup systems that actually restore data and will allow you to be up and running quickly? Do you know who has access to your data treasures? Does everyone with access need it?

As noted, with more people working from home now, it is even more important that they be educated about security and their role. Homes do not have the budget to install the same security that is in place at work and people therefore need to be even more vigilant and careful. A culture of security needs to be built and staff need to understand that their responsibilities do not stop because they are not in the office.

“A security mindset is actually a corporate asset given the risk environment today,” states Ogden. “Just as you budget for security technology and services, you need to budget for employee training and awareness campaigns, and it doesn’t hurt to screen new employees before hiring them.”

In the cybersecurity world, failure is an option. In fact, it is almost guaranteed that at some stage you will be hit. Ogden recommends that organisations not only plan their risk mitigation strategies using both technology and people, but also plan for the worst. “If the worst does happen, know what you need to do and make sure you can get back up and running – safely – as fast as possible.”




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Read more...
Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Read more...
Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

Read more...
AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...
AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Read more...
Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Read more...
2024 State of Security Report
Editor's Choice
Mobile IDs, MFA and sustainability emerge as top trends in HID Global’s 2024 State of Security Report, with artificial intelligence appearing in the conversation for the first time.

Read more...