October is National Cyber Security Month. This initiative started in 2004 in the United States of America. The goal behind this initiative is to encourage vigilance and protection by all computer users. Cyber security awareness is very important to both companies and individuals because it is everyone’s responsibility to help protect the confidentiality, availability and integrity of information and assets. Companies spend thousands if not millions of ZAR in hardware and software to protect their systems, but processes and staff education is often neglected.
We are all familiar with the adage “Prevention is better than cure” therefore cyber security awareness needs to be part of an organisation’s culture. Training and awareness programmes should not be regarded merely as a check box exercise. Staff should have a deep understanding of the risks associated with cyber threats and attacks. In the past I have run a number of awareness programmes and the approach I have always taken is to bring the problem closer to home. Make it personal so that people can relate to it. Focus on real life examples.
It frightens me that when I speak to people, they have never heard of social engineering or some of the most basic cyber attack methods. A lot has been done in terms of educating people against phishing attacks but there needs to be more awareness around the aspect of social engineering.
Social engineering is the art of manipulating people to part with confidential information. For cyber criminals the challenges around social engineering are reduced as a result of people’s obsession to capture and record their entire lives on social media. A cybercriminal can often gain a lot of information about people and the companies they work for by trolling them on the various public platforms. This is why awareness programmes should extend to people’s personal lives.
Security research firm Symantec compiled a report that ranks the top 20 countries which face or cause the most cybercrime. Luckily South Africa does not feature in the list however, that being said, there does not seem to be any reliable stats with regards to where South Africa ranks in terms of cybercrime. The USA, China and Germany top this list respectively.
So, to quote Martin Luther King – “I have a dream”. My dream is that instead of sitting through long commercial breaks and watching mind numbing adverts, the radio and tv broadcasters could find a way to include cyber security awareness snippets for mom, dad, granny, grandpa and the rest of the family to watch while they wait for their favourite show to return. All in the name of a safer country.