TRENDING
////////////////////////////////////////////////////////////////////
a breach can damage brands badly, often
causing up to US$1.6 million in costs and
taking nearly two months to resolve. Perhaps
even more concerning is that the same
research found that 60% of these breaches
were caused by a negligent employee or
third-party contractor.
“The challenge doesn’t lie exclusively in the
infrastructure that helps the organisation
minimise the risk of cybercrime,” added
Bornheim. “It is equally reliant on the
training that the company provides to
its IT department, its employees and its
third-party vendors. Without understanding
the risks or the protection against them,
people will always be the weakest link in the
security chain.”
It’s surprising how few organisations invest
in cybersecurity training programmes such
as those offered by the EC Council, especially
considering how easy it is for Goliath to fall
to that worm.
In July 2019, one of South Africa’s
largest electricity service providers fell foul
of ransomware.
One of the most common ways for
ransomware to penetrate any defensive
system is via that click made by the
untrained employee who really thinks that
the email is genuine. Human error was also
the reason for the BlackRock data leak in
January 2019, SAA and Liberty were both
victims of successful hack attempts, and the
number of cyberattacks per day in 2019 has
risen to 13,842 according to Kaspersky.
“The risk isn’t manufactured by the media
or only inherent in someone else’s business,”
added Bornheim.
“Every organisation of any size and in any
market is at risk of being hacked, breached
or subjected to the whims of ransomware.
In fact, the research is increasingly pointing
to a shift in cybercrime focus with many
attacks directly targeting small to medium
companies. They are less likely to have
invested in training and security tools and
more likely to have usable vulnerabilities as
a result.”
The cost of training up staff is barely a
scratch to the budget compared with the
cost of recovering from a hack. Accenture’s
18
INTELLIGENTCIO
Karien Bornheim, CEO of FABS
Cost of Cybercrime study that spans more
than 11 countries and 16 industries found
that the average cost of cybercrime rose to
US$13 million per company in 2018.
That’s far more than any company could
spend on establishing a business culture
that’s cyberaware and security savvy.
The same applies to the training and
management of third-party service
providers. Investing in training, policy
development, skills development, and a
cohesive cybersecurity posture is a small
price to pay considering the potential
business and reputational loss.
The laws in Africa have yet to deliver the
robust smack to the business that they
should, but any business looking to expand
its footprint is going to have to deal with the
compliance and regulatory requirements
of the various cybersecurity and data
protection acts in the African countries,
GDPR in Europe, the Australian Privacy
Principle 11 (APP 11) in Australia, and the
Federal Trade Commission Act in the United
States, to name just a few.
“Training courses that emphasise skills
development, recognise the importance
“
THE CHALLENGE
DOESN’T LIE
EXCLUSIVELY
IN THE
INFRASTRUCTURE
THAT HELPS THE
ORGANISATION
MINIMISE
THE RISK OF
CYBERCRIME.
of educating employees, and that focus
on providing the business with robust
third-party cyber-posturing, are essential,”
said Bornheim. “This will not only set
robust, long-term foundations for the
company’s cybersecurity policy but ensure
that all compliance boxes are ticked, and
that employee negligence is minimised
significantly. There will always be the risk of
a hack or a breach, but with training, this is
minimised and managed properly.” n
www.intelligentcio.com