By Grant Moyo
As global cybercrime spikes, strong business leadership is required to increase organisational security and confidence. In the midst of the ongoing lockdowns, organisations and employees are facing a staggering increase in cyber risks as they continue to move more of their operations online to enable remote working. Award-winning specialist in industry-specific information technology (IT) governance and architectural services consultancy, AVeS Cyber Security, has launched a risk-based security awareness and education campaign across Southern Africa to assist organisations in managing their cyber risks more proactively.
AVeS Cyber Security forms part of the AVeS Cyber International group of companies. It combines expert knowledge and services with leading technology products to provide comprehensive information security and advanced IT infrastructure solutions. Over the past 23 years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the continually evolving threat landscape while achieving digital transformation aspirations.
The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. For its efforts, AVeS Cyber Security got recognition from some of the world’s top technology vendors. The company’s numerous accolades include Kaspersky’s Africa Partner of the Year (2019 and 2020), Kaspersky’s Top META Learning Partner (2020), ESET’s Regional SMB Sales Champion (2019 and 2020), ESET’s Product Champion (2019), Symantec’s SMB Partner of the Year (2019), and Sophos’ Upcoming Partner of the Year (2020). AVeS Cyber Security also received four new partner statuses listing Microsoft Gold Datacenter, DellEMC Gold, Veeam Silver and Sophos Platinum.
With decades of experience helping Southern African organisations achieve confidence in their digital information, AVeS Cyber Security recognises employees as most vulnerable to cybercriminals’ current attack methods. Cybercriminals use persistent social engineering techniques, forcing employees to make errors in judgement and unwittingly grant them access to organisations’ systems. According to ‘IBM X-Force Threat Intelligence Index 2021’, human error was a major contributing cause in 95% of all data breaches in 2020, which means that mitigation of human error must be key to organisations’ cyber security strategy this year.
AVeS Cyber Security’s Group CEO Charl Ueckermann said security awareness and training are crucial in protecting businesses’ and their clients’ confidential information. In the first 100 days of the Covid-19 lockdown in 2020 alone, Mimecast researchers detected huge increases in spam attacks (up 46%), impersonation attacks (up 75%) and malware, which spiked by a staggering 385%.
“It is crucial for all organisations to realise that their employees have a defining role to play in strengthening the business’s cyber security capabilities and lowering its cyber risk exposure. It is simply not the responsibility of the IT department or technology alone. Cyber risk remains a business hazard,” Ueckermann said.
Through this campaign, AVeS Cyber Security is encouraging and teaching organisations to be pragmatic in planning and implementing solutions that address cyber security threats. The company’s plan of action includes taking quick assessments to identify current cyber risks of IT users within organisations, planning and strategising on suitable approaches that will resonate with users in a way that facilitates IT behaviour change. Whether through workshops, interactive group games, a training platform or end-to-end awareness campaigns, AVeS Cyber Security will ultimately test the initiatives for effectiveness.
Ueckermann acknowledges that to manage an organisation’s risks proactively requires business leaders to combine people, process and technology in their cyber security initiatives. Security awareness and training identifies and addresses risks successfully across all three categories and fulfills regulatory demands to protect confidential business and personal data. In further addressing a global cybercrime challenge, South Africa’s newly introduced data privacy legislation, Protection of Personal Information Act (POPIA), aims to ensure that organisations protect clients’ data as the country’s developing digital infrastructure becomes the reference point of more opportunistic and targeted cybercrime.
Security awareness and training can be used to strategically meet some of the legislation’s data privacy requirements while mitigating cyber risks and attacks, reducing operational costs, and protecting business assets. Ueckermann also noted that the strategic value of companies is becoming more and more captured within the digital data they process, such as financial data, intellectual property, and business tactics, which makes it even more crucial to protect.
“Case studies show that a weak cyber risk management system starts when IT governance is not in place. IT governance needs to be strongly led by the board of directors, and then well-executed by the IT department. An organisation’s leadership can start by answering five key questions. Where is the organisation on its data privacy and cyber security maturity journey? What are the most significant cyber risks facing the business? What are the extent and consequences of these cyber threats? What is the most pragmatic and effective approach to managing these risks? Who can facilitate the process of fast-tracking the organisation’s journey in reasonably mitigating high-risk cyber threats? ” Ueckermann said.
“The biggest challenge that contributes to organisations continuing to be victims of cybercrime is a lack of direction by executive management to prioritise the people-led safeguards in the business. With purpose-driven security awareness and training, organisations can put an effective risk management system in place and reduce many of the simple mistakes that have huge cyber security consequences, such as clicking on phishing links or inserting unknown USBs into Wi-Fi-connected computers.”
Indicating competency, innovation, and robustness in an industry that is fast growing in complexity due to evolving challenges such as ransomware, advanced targeted attacks and the “Internet of Things”, AVeS Cyber Security wants to ensure that all companies and their employees avoid becoming the weakest links in cyber security.
- Follow Grant Moyo on Twitter: @TotemGrant