- The increased number of remote workers due to the COVID-19 pandemic (which brings its own complications); and
- The heightened emotional vulnerability of individuals during these difficult times.
A recent report by independent global business advisory firm, FTI Consulting Inc., revealed that local businesses were already under immense security pressure due to a ‘lack of cybersecurity preparedness, which continues to create problems and risks for companies in South Africa’. The 2020 FTI Consulting Resilience Barometer also stated that, ‘while most leaders in the region are aware of the risks – 84% surveyed believe they have cybersecurity gaps - less than half said they have made investments in that part of their business in the last 12 months. This disparity between known risk and response is concerning even during the best of times.’
It continued: ‘Recent changes in the ways we are working have presented cybercriminals with a multitude of opportunities to exploit weaknesses in systems, processes, and behaviour. In addition to simple email phishing scams, employees are expecting non-standard emails from their IT support teams, making them more susceptible to work-related phishing attempts.’
Reasons why phishing and ransomware are on the rise
There are a number of reasons why we are seeing more scammers than ever before preying on people to gain access to sensitive information for nefarious purposes.
- Technical vulnerabilities: Unfortunately, the organisational chaos that ensued from the need to keep businesses up and running following President Cyril Ramaphosa’s initial lockdown announcement at the end of March exposed unexpected technical vulnerabilities that were of great advantage to cyber attackers.
- Accessibility: The remote workforce is no longer protected behind a corporate firewall, making it more difficult to manage who is accessing what information, when.
- Heightened emotions: Countless phishing mails masquerading as urgent lockdown-related announcements from schools, the Department of Basic Education, or health organisations, among others, are the order of the day. The intent is to use our insecurities, confusion and emotional responses against us to gain access to sensitive information.
- Growing IoT devices: The number of IoT devices in use has changed the corporate attack surface for good. We’re no longer just protecting corporate brick and mortar; the breaching of vital equipment that can be ransomed for digital currency is a very real and current threat.
Cybersecurity advice for CEOs
The following advice will help CEOs protect their businesses – not just physical corporate assets, but more importantly, the valuable data residing on these devices.
- Vigilance: It is clear that all employees need to be more vigilant. Protecting the data elements in our businesses translates to cybersecurity right through to the edge, encompassing mobile device protection, a mail scrubbing engine and more.
- Cyber posture assessment: The best place to start is to complete a cyber posture assessment, which evaluates the current security environment, covering security patch management, machines without security solutions, the use of public Wi-Fi, uploads, password age policies and the like.
- Measure the attack surface: An organisation’s ‘attack surface’ is the total sum of the vulnerabilities and weak spots in a network or environment that are accessible to a threat actor or can aid the threat actor with malicious intentions (such as committing data theft and compromising assets). Measuring it makes it possible to identify best practices and highlight parts of the environment that are particularly vulnerable and may require attention.
- Establish a security-based culture: A very important point to remember is that people operating within a more relaxed home environment are naturally less vigilant, so companies must also incorporate regular user awareness training, taking decisive steps towards ensuring that employees are continuously educated on how to manage corporate assets outside of the work environment.