Employee training critical amid increasing cyber attacks in Africa
Amid the increase in remote connectivity and work-from-home strategies, IT security experts have urged comprehensive cybersecurity training for employees.
According to a recent Kaspersky report, South Africa experienced a surge in cyber-attacks post-COVID-19 lockdown, with the number of device infections up from 30,000 to 310,000 in just one week.
“But it is not only South Africa under the microscope. The African region is seeing an increase in attempts to break into organisational systems to establish control over them, sabotage their work, or access sensitive information,” said Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.
Opil added: “Remote working provides cybercriminals with a prime opportunity to target devices, especially those that do not necessarily have adequate IT security measures in place. Such a spike, although temporary, leads Kaspersky to believe that cybercriminals have keenly been focused on the region given the current circumstances due to the rapid increase in remote working protocols that have been initiated during this timeframe.”
He said that that being outside a company’s ‘secure’ network, many avenues to steal information have doubled if not tripled.
This means that organisations have to continuously train their employees on cybersecurity measures including securing home Wi-Fi networks, securing mobile and laptops and even enabling two-factor authentication for company’s sites and emails.
Research firm Brookings Institute also issued recommendations on how to empower employees in being the first line of defense against cyber-attacks.
“(A) company should build its cyber capabilities by raising awareness of and building employees’ skills in information security, securing the configurations and regularly updating its infrastructure and systems,” the company stated.
Employees should also be taught on how to spot phishing attempts, malicious e-mail downloads and social media engineering towards obtaining sensitive company information.
Opil said: “Security awareness training will also become more tailored. These courses will account for not just the skills and rules that are relevant and new for a role but automatically be adjusted to an employee’s level of knowledge, the pace of learning, and their individual learning preferences. This will ensure employees are not burdened with irrelevant information and can instead spend more time focusing on the skills they do not already have.”