Organisations should view Cybersecurity training as a prerequisite and not just optional extra

Johannesburg – The global pandemic caused a global shift to remote and hybrid work, forcing organisations to pivot the way they operate practically overnight with little to no preparation.

Organisations had to accelerate their reliance on autonomous and digital technology so that they could reach customers in their homes. However, as technologies become more interconnected, cyber criminals are equally capitalizing on the growth and reliance of technologies by wreaking havoc against both large and small organisations, in the public and the private sectors.


The consequences of these threats can be severe, resulting in production and revenue losses, regulatory fines, reputational damage, as well as a shutdown of critical infrastructure. It is reported that approximately 80% of consumers are likely to defect from a business that has had their data compromised.

It is pertinent for organisations to conduct a cyber-hygiene exercise, attack vectors and vulnerabilities to ensure that they employ the correct controls to improve security and protect their assets.

Cyber hygiene is a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security. It needs to be done regularly to ward off any threats.

Another factor that may give rise to attention of cyber criminals is the awareness created by news coverage on a country.

In the recent weeks, South Africa drew the attention of global news networks due to the protests that resulted in looting and vandalism, affecting many prominent retail shops in the country. This could have seemingly resulted in making the country a centre of attention to cyber criminals purportedly resulting in the cyber-attack on South Africa’s port operator, Transnet and the Blood Services. Transnet Ports Authority declared force majeure on their operations after their cargo tracking software, a system used to tell where containers are and what they are carrying, and to calculate customs taxes, was hacked.

Downtime means that some incoming ships were forced to turn back, incurring lost revenue and non-delivery penalties, which they may ultimately pass on to Transnet. Transnet has not said whether the cyberattack was a ransomware incident, or a failure of its own systems.

A ransomware attack is literally the insertion of a type of malicious software designed to block access to a computer system until a sum of money is paid to the hackers.

The Western Cape Blood Service (WCBS) attack incident that happened last week, which forced the non-profit organisation to resort to manual, offline processing while it restored its systems from backup. WCBS confirmed that the organisation had fallen victim to a cyberattack but denied market speculation that it was a ransomware attack.

This is just to mention a few, just in is the case in point of the desperate measures we see cyber criminals undertake. A case in point is one where the hackers who breached Electronic Arts Sports last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer.

According to recorded future this data was intended to be sold at $ 28million USD. Initially, the hackers hoped to find buyers on the underground market, where source code data of that nature is attractive. Apparently, they failed to find a buyer, and the hackers tried to extort EA, at a ransom to avoid having the data leaked online.

After failed attempts they released a cache of 1.3GB of FIFA source code on July 14 2021, only to release the entire data two weeks later. Seemingly organisations should consider and re-think towards cyber-hygiene culture and practices.

Turning to Cybersecurity experts for a proactive approach to guard against these cybersecurity attacks through building a human firewall on their personnel throughout the organization is now imperative.

Be mindful that the first point of contact cyber criminals have is on the end users within an organization, which are the employees.

If cyber awareness is not turned into a culture it can become an effective weak point for cyber criminals to strike. The effort exerted by organisations in building their brand should equate the investment made on raising security awareness.

A brand that has been methodically built over many years and decades can be destroyed overnight when the trust is compromised as a result of a successful cyber-attack. Cybersecurity awareness training should be prioritised and regular training should be implemented.

Typical training starts with testing your systems using Simulation Tools, which is a controlled environment to assess the vulnerability of your systems to the risks.

Employees need to be trained by an expert and after the training be kept on their toes. The traditional once a year training does not do it anymore, frequent awareness is required.

It important to note that automated email filters have an average of 7-10% failure rate. This is where you will need a strong human firewall as your last line of defence.

By Raymond Chiimba.

Raymond Chiimba is the Group CEO of Africawide and regularly contributes on Technology and Business trends in Africa.

Raymond Chiimba
Raymond Chiimba

Also read: 

Shona Ferguson to be laid to rest at private ceremony on Wednesday

#MohaleConfessions: Fergusons dragged into Somhale’s meltdown

Listen: Exclusive Mohale Motaung’s interview

#MohaleConfessions: Somizi ‘threatened to kill me with a kitchen knife’

Connie Ferguson on verge of breakdown

Follow @SundayWorldZA on Twitter and @sundayworldza on Instagram, or like our Facebook Page, Sunday World, by clicking here for the latest breaking news in South Africa. To Subscribe to Sunday World, click here.

Sunday World

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News