Insight – Cybersecurity Risk: The Last Line of Defence… It’s You!

17 Aug 19 | Published by Saldys

Introduce Cybersecurity Staff Awareness Training (SAT); research evidence suggests that an effective Staff Awareness Training and Information Campaign can reduce successful Phishing attacks by over 80%

In the most recent Cyber Crime & Cyber Security – Trends in Africa* report by The African Union and Symantec, all the trends are moving against Africa. Cybercrime has well and truly landed on our continent, and all the signs are that it is growing at an alarming rate.

Facebook! Sony PlayStation Network! British Airways! Marriott Starwood Hotels! Yahoo! Deloitte! AT&T! FedEx! Uber! LinkedIn! National Health Service (UK)! The US Securities and Exchange Commission (SEC)! Even the US Military! All have been the subject of malicious activity by cyber criminals. These breaches have often resulted in significant business disruption (Denial of Access attacks via Ransomware), loss of customer personal data, fraud and other forms of Financial Crime. We’ve all heard about the big ones. But right across our continent, from Dakar to Cape Town, African businesses are dealing with the consequences of malicious cyber activity.

In a recent survey of senior African risk managers by Commercial Risk Africa (CRA) Online, Cybersecurity was rated as the fastest growing risk.

Some Facts

  • According to the latest estimates, the world is generating 2.5 billion gigabytes of new data each day. And undoubtedly, this is just the beginning as the drive for digitalisation continues, especially in Africa.
  • From the consumer perspective, digitalisation brings greater convenience and ease of use, as characterised by the rising popularity of online service channels, digital banking and payment platforms, and the growing demand for internet-connected devices (IoT – Internet of Things).
  • From the corporate perspective, digitalisation strategies are seen as a means of improving customer experience, improving efficiency and, of course, reducing costs.
  • Africa is no exception. Across Africa, financial services institutions are going digital in a big way. The Africa mobile phone usage growth story is quite well-known, and we are seeing an increase in the number of internet-enabled mobile devices driven by social media usage.
  • Whether personal or corporate, the more digital we become, the more our cybersecurity vulnerability increases. It is estimated that something like 60% of us have had our data stolen. Worryingly, many of us aren’t even aware we’ve been hacked.
  • Although we are all aware of the major incidents that have gone public, very often our data is stolen not as a result of anything we’ve failed to do, but rather because of the failings of those to whom we have entrusted our data.
  • British Airways is a classic case. The introduction of the ba.com app has certainly made travel more efficient and less stressful. But there was a price to be paid when ba.com was hacked, with the loss of the personal data of thousands of customers, including my own. Data such as passport numbers, addresses, credit card details and travel / location history can be extremely useful to a cybercriminal; this controls lapse could cost British Airways £183m in fines for breaching GDPR regulations.
  • Risk Managers – Watch out for high-risk data combinations in the data architecture of your firm’s digital solutions. They can magnify the impact of a cybersecurity breach.
  • Global spending on Cybersecurity is set to reach US$1 Trillion by 2021. And for the main part, the protection industry is succeeding in keeping up with the cybercriminals. But the latter are a hardy, resilient, tenacious bunch who will keep looking for new ways to win in this war. And with the spoils of Cybercrime estimated to reach US$6 Trillion by 2021, they have a significant incentive to keep going.
  • Ironically, as the digital technology landscape continues to expand (i.e. more online services; Apps; Internet-enabled devices; Social Media platforms; AI-controlled production processes; Smartphones; free public Wi-Fi), so does the number of possible Cyber Attack Vectors (routes or avenues for a successful cyber-attack).
  • Despite all the advances in cybersecurity, the most common attack vector remains the human factor, You and Me!
  • It is estimated that up to 80% of successful cyberattacks involve staff action, of which the most common attack vector is the Phishing email. Almost every weapon in the Cybercriminal’s toolkit can be deployed via email.
  • Hence, we can easily spend tens of thousands on cybersecurity software, but if we don’t train our People we are still at high risk of a successful cyber-attack.

Next Steps

  • Introduce Cybersecurity Staff Awareness Training (SAT); research evidence suggests that an effective Staff Awareness Training and Information Campaign can reduce successful Phishing attacks by over 80%
  • Assign responsibility for Information Security Risk Management
  • Launch a poster campaign
  • Review and assess your Information Security Risk Management framework
  • Implement an Information Security Risk Management framework to global standards such as ISO 27001

By: Saldys Jusu-Sheriff

Date: 15th August 2019

Acknowledgements:

Stats: Gartner; Cybersecurity Almanac 2019; Proofpoint; Cisco; CRA Online; ARMC Client Research
Photo: NESA by Makers on Unsplash