ICT Cybersecurity
Submit newsAdvertiseSubscribe
News Press Offices Companies Jobs Events People Multimedia Features Opinion
AdvertiseSubmit news

Industries

All industries Agriculture Automotive Construction & Engineering Education Energy & Mining Entrepreneurship ESG & Sustainability Finance Healthcare HR & Management ICT Legal Lifestyle Logistics & Transport Manufacturing Marketing & Media Property Retail Tourism & Travel

Features

BizTrends BizTrendsTV IMC Conference IAB Bookmarks Awards Orchids and Onions Prism Awards Loeries Creative Week More Sections..

In the news

DarkMatter Can!do BET SoftwareEnquire about a company Biz Press Office
Agriculture
Automotive
Construction & Engineering
Education
Energy & Mining
Entrepreneurship
ESG & Sustainability
Finance
Healthcare
HR & Management
ICT
Legal
Lifestyle
Logistics & Transport
Manufacturing
Marketing & Media
Property
Retail
Tourism & Travel

News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

Submit content

My Account

Advertise with us

Subscribe & Follow

Trending

2 days 7 days 30 days By Industry
Advertise your job vacancies
    Post your Job Ad here >>
    Search jobs

    ICT Cybersecurity

    Your staff are the biggest threat to your cyber security

    15 Nov 2018
    15 Nov 2018
    The greatest threat to the data security of any organisation is often traced to an oblivious employee who has inadvertently brought a company to its knees by allowing confidential and sensitive data to be hacked.
    Rudi Dicks, director of The Cyber Academy
    Rudi Dicks, director of The Cyber Academy

    Cyber forensic security expert, Rudi Dicks, director of The Cyber Academy explains, “A data breach can cost an organisation millions of rands and worse, its reputation. Even with excellent information, security teams and robust technologies in place, the weakest link is often a user within the company that has been manipulated by a malicious attacker who is then able to access the sensitive information that the user is authorised to view.

    “While data leaks can be orchestrated by a disgruntled worker or a corporate spy who is familiar with the organisation, most data breaches occur because of avoidable human error. As malicious attackers constantly use new and innovative methods, companies can’t keep implementing new technologies to mitigate these.”

    Cyber attacks continue to make headline news such as the recent hack into Liberty’s data and the Cathay Pacific attack which saw the personal information of 9.4 million customers leaked. Current estimates indicate that more than 90% of cyber attacks can be attributed to human error.

    Raise awareness among staff

    Dicks says the easiest method of attack is to manipulate an employee and therefore the best security intervention is to raise awareness amongst staff. “Technology can’t help a human problem which involves someone manipulating an employee or contractor to perform an action or divulge confidential material.

    “In one instance, a stranger came onto the premises for an alleged job interview, told the receptionist he had spilt coffee on his CV, handed her a USB and asked her to print it for him. Once the USB was inserted to her computer the attacker gained remote access to that machine and from there, the entire network,” says Dicks.

    The Cyber Academy works with companies to protect them from cyber attacks by raising awareness and training staff to ensure that cyber protection and data security are maximised.

    “Our trainers have real-world hacking experience and remain thoroughly engaged with the current cyber crime landscape and most importantly, they understand the attackers’ mindsets. Social engineering attacks such as phishing, vishing, spoofing and ransomware are all cyber attacks that continue to grow in frequency and sophistication at alarming rates.”

    “Physical security is a basic but often overlooked form of defence,” says Dicks. “Staff must report all strangers they see in the office that are not clearly marked with a visitor’s access card. Access to the building needs to be rigorously managed. Unknown USBs may not be used and sensitive information should be shredded. Password protection policies must be strictly adhered to - people are still writing their passwords on a piece of paper,” says Dicks.

    With the advent of social media, people’s interests are publicly available which often hackers use to manipulate. This is exacerbated by the number of digital devices that people now have.

    Types of cyber security risks

  • Phishing uses disguised email as a weapon. The email recipient is tricked into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and the recipient then clicks a link or downloads an attachment.

  • Vishing is a similar type of attack where voice is used instead of email. Attackers will phone a victim to prime an attack or ask to guide them through changing settings or disclosing a password.

  • Spoofing sees attackers impersonating people familiar to the victim either by sending an email as someone else, or changing the address very slightly to appear as if from the legitimate sender.

  • Pharming attacks involve a hacker sending the same email to many recipients and then waiting to see which recipients respond.

  • Whaling is a specific form of phishing that personalises the attack towards high-profile people in senior positions.

  • Ransomeware occurs when data is encrypted within an organization. The hacker then requests payment in bitcoin to receive a code to unlock the user’s files.

    • Read more: data security, security risks, cyber threats, data breaches, cyber protection, Rudi Dicks
    Share this article
    NextOptions
    Related
    NextOptions

    BizTrendsTV

    RAPT BizTrendsTV: Li Ndube on Afro-optimism - African growth vs Western degrowth
    Let's do Biz