• Home
  • /
  • IOT
  • /
  • When technology is not enough: Creating a cyber security strategy in a world where threats never sleep

When technology is not enough: Creating a cyber security strategy in a world where threats never sleep

By Kabelo Makwane, Managing Executive: Cloud, Hosting and Security at Vodacom Business.

Johannesburg, 03 Apr 2024
Kabelo Makwane, Managing Executive: Cloud, Hosting and Security at Vodacom Business.
Kabelo Makwane, Managing Executive: Cloud, Hosting and Security at Vodacom Business.

In the last four years, we have seen a broad cultural shift when it comes to the way businesses operate in relation to technology. This shift has made way for more agile and intelligent business outcomes. But growing adoption speeds and moves towards digitalisation are far from new phenomena.

In 2013, an article posted by the Harvard Business Review commented on how technology adoption rates had increased, comparing the adoption of tablet technology with innovations like electricity and telephones. Ten years later, the rate of adoption of technology is incomparable. The rate of adoption of technologies like AI have skyrocketed to a point where 50% to 60% of all organisations use AI in some form. Even more impressively, cloud adoption among enterprise organisations is above 90%, accounting for 75% of the workload in one out of five organisations.

However, the dialogue around these achievements in technological adoption has changed. In 2013, businesses were aiming to achieve the status of being “technologically enabled”, a catchphrase still used today; but simply having the technology is no longer enough. This is due to one simple yet sinister development – cyber crime. While the adoption of AI has helped improve the agility and efficiency of above-board businesses, so too has it helped improve the efficacy of cyber criminals.

Although not a new problem, cyber crime has risen alarmingly quickly to the top of the charts when it comes to business concerns. The boom of internet of things (IOT) technology and chaos that surrounded the sudden shift to work-from-home models in 2020 kick-started the age of cyber crime. In that period, incidents rose by 600%, affecting every industry and showing no signs of slowing down. One report predicts the cost of cyber crime will continue to rise to $10.5 trillion dollars by 2025, up nearly 117% from $3 trillion in 2015. Today, organisations need to be more than just technologically enabled, they need to be future secure.

The biggest difference between being technologically enabled and future secure is the incorporation of the human aspect of cyber security. A staggering 88% of data breaches are the direct result of human error. This is compounded by poor training, with 42% of organisations listing a failure in their employee security training as one of their top three challenges. Changes in employee expectations, which have seen flexibility rise to the top of employee demands, undoubtedly play a role in this. In a recent Standford study, 50% of respondents claimed to be “very” sure they had made an error at work that could have led to security issues. Nearly 45% cite distractions as the top reason for these errors, and 57% admitted being more distracted when working from home.

As a result, organisations can no longer take the approach that cyber security is the sole responsibility of the chief technology officers and their teams. Rather, a basement-to-boardroom approach to cyber security, which incorporates effective training, is the key to ensuring the security of your organisation.

And this comprehensive approach is becoming even more important. Voice and video mimicking have recently gained popularity among malicious groups. While early AI allowed criminals to produce impressively tailored written phishing e-mails and text messages, this more recent advancement has even led executives to believe they are having a conversation with someone from within their organisation.

So, how do organisations become future secure and ensure they are equipped to meet these changing challenges? Although a ‘human firewall’ is arguably the most important factor, organisations must be able to match the malicious groups pound for pound in terms of technology, as well as use this technology in a way that serves your purpose. This is where the concept of a cyber security footprint is important.

Similar to a digital footprint, a cyber security footprint specifically refers to the information related to an individual or organisation's cyber security measures, practices, vulnerabilities and defences in the digital realm. Incorporating everything from firewall configurations to encryption methods, access controls and incident response plans, a cyber security footprint encompasses the security protocols, software, hardware, policies and practices in place to protect digital assets and sensitive information. It is crucial that this be analysed on a regular basis to address any vulnerabilities that may have developed and to understand the adequacy of your current measures.

But simply having this technology in place is not sufficient. Technology cannot exist in a void when it comes to cyber security; neither can people. It is critical that organisations implement robust and regular training programmes to keep employees up to speed on the latest threats, policies and procedures. There is a critical need to improve the attitudes and skills of all employees around cyber security for any strategy to be truly effective.

To help businesses achieve this and reduce the prominence of failed cyber security training, Vodacom Business is asking organisations of all sizes to “Turn to Us” to protect your data and equip your employees, from the basement to the boardroom, with the skills they need.