Staff buy-in critical for effective corporate cyber security

Staff buy-in critical for effective corporate cyber security

In 2018, 26% of young adults committed suicide globally as a result of cyber bullying, and 945 data breaches led to 45 billion records being compromised in the ongoing cyber crime challenge.

These statistics emerged from a panel discussion how do you increase user awareness and keep your workforce 'cyberfit', hosted this week at the ITWeb Security Summit 2019 in Sandton, Johannesburg.

Amid growing cyber threats, ever-present dangers on the dark web and exponential use of the internet over the past decade (over three billion emails are sent globally every day), experts warn of a substantial increase in cyber attacks.

"Each year companies fall victim to data theft, industrial espionage and sabotage, their very existence is in jeopardy," said Jenny Mohanlall, chief executive officer of RITS-SA.

Against this background, the panel tackled the issue of user awareness and creating a 'cyberfit' workforce.

They began the discussion with a focus on the development and implementation of an effective phising program to test the readiness of staff to identify and deal with phising attacks.

Mdu Zakwe, CEO, MICT SETA, said it is important to understand user behaviour and the different views of the World Wide Web that makes up the organisation's landscape. He said the various silos in business, including HR and finance, face different risks and threats.

"There is no 'one-size-fits all' with a phising programme. Once you understand that everyone needs to learn and attend to the risk that they face, it is very easy to tailor-make a phising programme that would suit the entire organisation ... but that is step number one."

He stressed the need to educate the workforce about IT security policies, assess the level of understanding and accurately measure any change in behaviour.

The security culture of a business and its influence on effective protection was raised in the discussion.

It is important not to create a culture of fear and reprisal, and rather focus on a security culture that is based on trust.

"You need to build a trust relationship and the way to do that is to instil a company culture of trust with cyber security... you cannot instil a cyber culture in a person if the company doesn't have it," said Kobus Pienaar, CIO, Vedanta Zinc International.

Julian Ramiah, Group Chief Information Security Officer, Liberty Holdings, said when it comes to risk management and IT security awareness, "we are doing this very textbook, we are doing this without taking people on a journey."

Ramiah criticised the industry for fuelling complexity and the way it communicates issues and engages with people. "As much as we are part of the community, the client and the solution, we are also making this problem bigger than we ought to."

Read more