Why humans should lead your business cyber security strategy

How do you get staff on board with security? By making it personal, says Kevin Halkerd, Senior Risk and Security Analyst at e4.

Johannesburg, 22 Feb 2023
Kevin Halkerd, Senior Risk and Security Analyst, e4.

Most successful cyber breaches have one thing in common: people. Your company can be protected from every tech angle, with the latest security updates and most advanced threat detection, but it takes just one employee accidentally sharing their password for a major breach to occur.

Human-targeted attacks will remain the number one threat to cyber security and will only keep increasing in volume and complexity this year. As even casual observers have become more adept at spotting e-mails that don’t look quite right, criminals constantly work at creating more sophisticated traps. This year, we’ll likely see more complex attacks as well as automation and the monetisation thereof, as bad actors leverage and repurpose the likes of ChatGPT and other AI chat tools.

Human error is not only the biggest security blind spot; it also requires more effort to remediate. It necessitates training and buy-in, unlike a security threat you might patch or reconfigure to a more secure mode. And after all that, your security still depends on the will of those humans to engage with the training and execute the learnings. There are no quick solutions, and any solution in place requires constant reviewing, reengagement and reporting.

So how do you get staff members to engage in security messaging and implement these instructions correctly? By making it personal for and applicable to them.

South Africa already has a security-first culture due to our sensitivity to crime in general. Your toughest challenge is then to broaden the scope of staff members’ security mindset.

Do this by always providing consistent, friendly and supportive engagement on security topics. If your security team can add value to other staff members’ lives, whether through support, personal advice or leading by example, these quality exchanges will become a foundation for further interaction. If staff members perceive that they, too, get value out of engaging with security teams and materials, they’ll be more inclined to adopt your overall organisational strategy and awareness mission.

You could tailor such initiatives by:

  • Using strong awareness content about the threats most prevalent in your business to regularly keep security in focus.
  • Adding customised content to such materials to dig deeper and create interest in current trends.
  • Sharing ‘inside info’ such as vulnerability notices and remediation steps for consumer phones, tablets and wireless routers that staff members may use in their personal lives.
  • Running routine unannounced simulations and sharing the results with the group.
  • Incentivising participation by rewarding star performers – but still supporting stragglers.

e4

e4 is a technology company specialising in digitalisation. By understanding the complexity of a digital journey, e4 partners with its clients to provide innovative solutions that suit their unique needs. Using an omni-channel platform approach, e4 offers a range of digitally-inspired services as well as solutions.

Working across financial services, data and the legal sector, e4 understands the intricate requirements in these sectors, and uses its expertise to assist clients in effectively managing their businesses through digitalisation.    

Editorial contacts

Kirsty Thompson
GinjaNinja PR
(083) 772 3555
kirsty@ginjaninja.co.za