- As many as 57 percent of South African companies experienced a network incident caused by an employee.
- This highlights the need for continuous cybersecurity training and education.
- Not only will a cybercrime incident cost a company money, the ensuing fines from legislative bodies can cripple an SME.
There are many bad actors on the internet and, as a result, a smorgasbord of attack variants, be that ransomware, social engineering or a compromised AWS environment.
But of all the dangers that lurk in the dark of the world wide web, 97 percent of South African businesses are concerned about bad actors infiltrating their network, installing malware, siphoning data and just creating chaos. This is according to the Kaspersky IT Security Economics report.
Network intrusions have become more valuable for attackers in recent years as the amount of data traversing networks has increased. Attackers can take control of that data, encrypting it in a ransomware attack or using blackmail to get companies to pay to prevent bad actors from leaking sensitive data.
Attack vectors are also being advanced and developed at a rate that makes it tough for a business to keep track of what threats they may be facing.
Moreover, the shift to remote work presents problems, as it becomes tougher for security teams to lock down a company’s environment. If employees are moving around, there is more potential for a breach to occur. Unfortunately, despite these concerns, many businesses don’t implement proper security protocols and employee training.
In fact, 57 percent of South African companies surveyed by Kaspersky said that an incident they had experienced was due to an employee either consciously or unconsciously helping adversaries through action or inaction.
“Mistakes or negligence by employees, whether due to a lack of security awareness or insufficient training, are leading causes of cyber breaches and data leaks in organisations. Phishing attacks, where employees unwittingly click on malicious links or provide sensitive information to scammers, are a common threat. Insider threats, where employees intentionally or unintentionally leak confidential data, can also pose a significant risk to a company’s security,” Kaspersky explained.
“The consequences of employee negligence in cyber security can be severe as data breaches often result in financial loss, damage to a company’s reputation, and legal repercussions. In extreme cases, companies may face fines and legal action for failing to adequately protect sensitive information,” it added.
A breach of a company’s network can also be costly, not only from a reputational point of view but from a legal one as well. Contravening PoPIA, whether through not properly securing data or failing to alert the Information Regulator about a breach of private data, can cost a company up to R10 million.
For a small business, this sort of fine could be disastrous and it’s an open secret that when it comes to security, SMEs aren’t the most well equipped to deal with the threats lurking online.
One simple thing businesses of all sizes can do to address network security is to train employees. There is no need for an IT team to muster all stations when a breach happens if employees are trained to identify threats from the off. Granted, the tactics deployed by bad actors are constantly evolving, but that’s also precisely why investing in education is necessary.
Adequate endpoint security and network security solutions are a requirement, but really, businesses need to invest in securing their people and establishing a culture of good cybersecurity. Until then, network intrusions will keep happening and eventually, the ransoms and fines will upend the company.