SA firms need to be prepared as cyber attacks and data breaches are on the increase.
By Johan Steyn, 14 March 2023
If there is one thing that should keep business executives up at night, it is the prospect of a cyber attack and data breach. If sensitive or personal consumer information is compromised, businesses may incur irreversible harm.
In recent months, many large companies in our market have been exposed to cyber security incidents. This newspaper reported in December that the FBI informed the Reserve Bank of a possible cybersecurity breach (Reserve Bank hacked four months ago.) A breach of this nature “would have dire consequences for the country.”
The World Economic Forum’s Global Risks Report 2022 warns that critical cybersecurity infrastructure could be “rendered obsolete by increasingly sophisticated and frequent cybercrimes, resulting in economic disruption, financial loss, geopolitical tensions and/or social instability.”
The report states that 95% of cyber breaches are caused by human error. This brings us to the heart of the matter: breaches occur mostly not because of technological failures (that is antivirus or security software), but due to people who make mistakes or are not trained and equipped to identify a possible attack.
To get a better view of how SA firms can prepare for this onslaught, I spoke with Anna Collard, SVP: Content Strategy & Evangelist at KnowBe4 Africa. Among her many accolades are Top 50 Women in Cyber Africa, Top 100 Women in Cyber and the winner of the Women in Tech Innovation Award.
“It is about culture, not just the technology.” Collard was quick to highlight that cybersecurity is a leadership and cultural issue and that most organisations focus solely on technology to guard against these attacks. “At KnowBe4 we enable our client’s employees to make smarter security decisions every day. We are the world’s largest integrated platform for security awareness training combined with simulated phishing attacks.”
By sending emails or texts that appear to have originated from a reliable source, phishing is a type of cyberattack in which the target is tricked into divulging sensitive information (such as passwords, financials, or personal details) that could be used to steal their identity or cause them financial harm.
Collard explained that creating a culture of security is not a one-off initiative. “Our initial client engagements typically start with us measuring their current maturity with our Security Culture Maturity Model. We use the gaps we identify to help them develop a strong security awareness culture over time.”
KnowBe4 is a trusted security training partner to many global organisations. “We collected millions of data points from training campaigns, phishing simulations, and employee surveys and can proudly say that we understand how to build security cultures.”
Businesses rely increasingly on Cloud computing platforms, machine intelligent technologies like artificial intelligence and software platforms that are becoming more complex to manage. “By partnering with KnowBe4 executives can sleep better, knowing that they are working with a global security leader, complimented by their experience in the local market.”
Business leaders should look to experts such as Collard and her local team at KnowBe4 to ensure that the critical non-technology aspects of potential security breaches are understood and planned for.
• Steyn is on the faculty at Woxsen University, a research fellow at Stellenbosch University and the founder of AIforBusiness.net