editor’s question

RIAAN BADENHORST, GM OF KASPERSKY IN AFRICA

Against the backdrop of a complex and growing cyberthreat landscape, where many businesses are concerned about their IT security being compromised, many are now also waking up to the fact that one of the largest gaps in their cyber strategies is their own employees.

In fact, past Kaspersky research shows that 52% of businesses admit that employees are their biggest weakness in IT security – where careless actions put the business and its IT security strategy at risk. Furthermore, more than 80% of all cyber-incidents are caused by human error.

During the global WannaCry ransomware epidemic, the human factor played a major role in making businesses worldwide vulnerable. In fact, so much so, that even two months after the disclosed vulnerabilities had been patched with a new required update, many companies around the world still hadn’t updated their systems. Several cases followed – with non-IT personnel being the weakest link. For example, employees with local administrator rights who had disabled security solutions on their computers, which then allowed the ransomware to spread from their computer through the entire corporate network.

In this digital world, human error is an increasing cyber-risk for companies that needs far more proactive action. So, what should businesses do?

The first step is to examine how to minimise, and better manage, the potential human error of the business’ cybersecurity strategy, which means looking at ways in which to transform employees into what we call a ‘human firewall’. The concept of the ‘human firewall’ looks at equipping employees/staff with the skills to operate in the digital world of the organisation, while still being threat intelligent enough to mitigate risks and minimise human errors, which have previously set many businesses back.

Achieving this requires the business to invest in the right security awareness and training solutions. However, these training mechanisms must go far beyond the basic IT security training many companies follow today – and rather focus on offering strategic guidance that is easily digestible, practical and, importantly, memorable. An employee’s ability to lessen human error or act appropriately if a business is facing a cyberthreat or attack will only be as effective as the training they receive.

To undertake ‘human firewall’ training the following areas must be considered:

• Building strong cyber-hygiene skills through micro learning and reinforcement: This involves engaging employees in the education process around cybersecurity, with the aim to increase their personal cyber awareness.
• Agile fit: Enterprise-level scalability – a business must recognise that every employee will be at a different cyber awareness level and will be required to understand cybersecurity differently based on their role within the business. Therefore, cybersecurity training must adapt to meet the training needs of all employees, and at any level, to ensure everyone can learn within their own parameters, so that the full business is armed and prepared accordingly.

It is important to note that dedicated training of this nature is not about lecturing staff on cybersecurity obligations or business policy rules. Rather, it is about making effective learning open to businesses of any size, ensuring the company can balance security competence levels throughout the business for different groups of employees – all to support the employee learning process to ensure that they themselves are invested in cybersecurity measures.

Achieving this takes time but ultimately will support a business in building a stronger cybersecurity defence – one that exceeds relying purely on solutions-based protection. Certainly, it is this type of approach that aids in making staff a business’ biggest security asset, instead of an insider threat.

Issue 21 | www.intelligentciso.com