Intelligent CIO Africa Issue 35 - Page 18

TRENDING

a breach can damage brands badly, often causing up to US$1.6 million in costs and taking nearly two months to resolve. Perhaps even more concerning is that the same research found that 60% of these breaches were caused by a negligent employee or third-party contractor.

“The challenge doesn’t lie exclusively in the infrastructure that helps the organisation minimise the risk of cybercrime,” added Bornheim. “It is equally reliant on the training that the company provides to its IT department, its employees and its third-party vendors. Without understanding the risks or the protection against them, people will always be the weakest link in the security chain.”

It’s surprising how few organisations invest in cybersecurity training programmes such as those offered by the EC-Council, especially considering how easy it is for Goliath to fall to that worm. In July 2019, one of South Africa’s largest electricity service providers fell foul of ransomware. One of the most common ways for ransomware to penetrate any defensive system is via that click made by the untrained employee who really thinks that the email is genuine. Human error was also the reason for the BlackRock data leak in January 2019. SAA and Liberty were both victims of successful hack attempts, and the number of cyberattacks per day in 2019 has risen to 13,842, according to Kaspersky.

“The risk isn’t manufactured by the media or only inherent in someone else’s business,” added Bornheim. “Every organisation of any size and in any market is at risk of being hacked, breached or subjected to the whims of ransomware. In fact, the research is increasingly pointing to a shift in cybercrime focus with many attacks directly targeting small to medium companies. They are less likely to have invested in training and security tools and more likely to have usable vulnerabilities as a result.”

The cost of training up staff is barely a scratch to the budget compared with the cost of recovering from a hack. Accenture’s Cost of Cybercrime study, which spans more than 11 countries and 16 industries, found that the average cost of cybercrime rose to US$13 million per company in 2018. That’s far more than any company could spend on establishing a business culture that’s cyberaware and security savvy. The same applies to the training and management of third-party service providers. Investing in training, policy development, skills development, and a cohesive cybersecurity posture is a small price to pay considering the potential business and reputational loss.

The laws in Africa have yet to deliver the robust smack to the business that they should, but any business looking to expand its footprint is going to have to deal with the compliance and regulatory requirements of the various cybersecurity and data protection acts in the African countries, GDPR in Europe, the Australian Privacy Principle 11 (APP 11) in Australia, and the Federal Trade Commission Act in the United States, to name just a few.

“Training courses that emphasise skills development, recognise the importance of educating employees, and that focus on providing the business with robust third-party cyber-posturing, are essential,” said Bornheim. “This will not only set robust, long-term foundations for the company’s cybersecurity policy but ensure that all compliance boxes are ticked, and that employee negligence is minimised significantly. There will always be the risk of a hack or a breach, but with training, this is minimised and managed properly.”

Karien Bornheim, CEO of FABS