The place many cybersecurity efforts will falter is, more often than not, the human element.
As such it’s vital that businesses invest in cybersecurity education, lest they fall foul to cybercriminals who get smarter and smarter every year.
A local company which has recognised the important of education and cybersecurity training is Capitec which has implemented training solutions and systems created by KnowBe4.
“The human layer is so important,” explains acting head of technology security at Capitec, Juan-Marc Scrimgeour. “Controls can be bypassed, systems can be fooled but there is a person at the end of the attack, and we need them on our side to help us. We realised early on that people often don’t know enough about cybercrime, or misunderstand what certain threat actors do or mean, and that to improve our security culture, we had to focus on our people.”
Before joining the KnowBe4 platform the acting head says that Capitec moved from a face-to-face training approach to one which was digital which also makes sense given the current working climate.
It wasn’t plain sailing however as Scrimgeour points out that there was resistance from middle management. This ultimately slowed the uptake of training and compounded the issues the company was experiencing as regards security, specifically as regards employees who weren’t aware how to approach a threat.
The system Capitec was using also slowed adoption of the training as it was slow, difficult to grasp and wasn’t granular enough to be effective.
So Capitec decided to change its approach and formulated its strategy around five considerations:
- The risk profile of the area
- The awareness gap within the the area
- The current environment
- The macro and micro impacting factors
- The best format to deliver the training
“We had already partnered with Popcorn Training to help create and facilitate awareness training in the company, so when they were acquired by KnowBe4 and introduced us to the platform, the move made sense,” explains Scrimgeour.
The technology security head says KnowBe4’s platform was easy to use and met several of Capitec’s requirements.
“The platform was really easy to use, we could set it up and create granular awareness training streams for various groups based on specific attributes. The phishing simulation programme is fantastic – not only did we automate the simulations completely, but the templates are updated on a regular basis and sent out based on a preset difficulty level so training is relevant and ongoing,” Scrimgeour said.
As a result of this implementation Capitec has seen an increase in phishing reporting and identifying potential risks. This has had the benefit of risks being identified that Capitec’s systems missed but thankfully clued up employees didn’t.
“We can’t control who attacks us, and when, but we are creating a secure and engaged workforce that understands the risks and plays a role in ensuring the ongoing security of the organisation,” Scrimgeour concluded.
[Image – CC 0 Pixabay]
