Mindful Cybersecurity: The future of security

5th October 2021

     

Font size: - +

October is Cybersecurity Awareness Month, this comes at a time when cybersecurity awareness should be on everyone’s mind. The risk of attack has soared, according to Atlas VPN – 45% of organisations globally were impacted by recurring cyberattacks, malware up by 358%, and ransomware by 435%. Anna Collard, SVP of content and evangelist at KnowBe4 Africa, warns that social engineering is consistently the number one root cause used by ransomware and other malware attacks to gain initial access. 

It has become absolutely critical to manage human risks effectively as it’s still the top attack vector used by cyber criminals.

“There are ways of mitigating the human risk factor and engaging with your employees on a deeper level,” she adds. “Approach the training with sensitivity, ensure that your people are engaged, and that their concerns are recognised.”

While simulated phishing campaigns are very effective in educating staff about phishing, a common mistake made by companies as they embark on these campaigns is to use topics that are sensitive or can cause upset. While scammers will use topics such as a fake bonus or lay-offs very successfully in their campaigns, it’s not a good idea to use them as part of the training.

“People don’t react well to this kind of campaign and often this can backfire on the company,” says Collard. “The best way to tackle sensitive phishing topics is to provide people with the tools they need to recognise potential attacks, and, perhaps most importantly, ensure that your employees are happy. Happy and responsible people are the best protection, so work towards creating this kind of culture to achieve long-term security success.”

Another key approach is to ask people for feedback after training sessions, and to use that feedback. Use the stick and the carrot approach rather than the terrify and torment one. If you combine negative incentives with positive ones, then people are more inclined to work towards a culture of security. This is further reflected by leadership. It’s important to get executive involvement that goes beyond sponsorship. You want your leaders to become the faces of your cybersecurity campaigns, and to walk the proverbial talk.

“People look to what their leaders are doing, so get a video clip of your senior team leaders sharing why security is important, or undertaking a phishing training course, to show that they are as committed to this as anyone else,” says Collard. “Add to this personal involvement by ensuring that you pull in all teams and silos. Work with marketing, internal comms teams, HR, and every other business department to create a comprehensive and holistic security culture.”

Another critical point is to ensure that you start off your campaign with a clear baseline. You can’t manage what you can’t measure so create a baseline view of your current security status quo by running a proficiency or security culture assessment and track this annually. This will help you to showcase improvements, and manage training more effectively. Finally, make everything fun, especially now. 

“People are tired, burned out and living online, so don’t make your cybersecurity awareness campaign boring, tedious and time consuming,” concludes Collard. “Make it beautiful. Ensure that communications are seamless, that content is meaningful, and that every part of the campaign is worthy of engagement. And be human. Emotions are a powerful engagement technique, so use them in your content. Tell stories, use humour, and remember that, above all else, your employees are people first.”

Edited by Creamer Media Reporter

Comments

The content you are trying to access is only available to subscribers.

If you are already a subscriber, you can Login Here.

If you are not a subscriber, you can subscribe now, by selecting one of the below options.

For more information or assistance, please contact us at subscriptions@creamermedia.co.za.

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION