Human error & rising cyber threats

0
157

Business leaders get it wrong when they assume that cyber resilience is only about digital tactics and tools. Cyber resilience strategies are destined to fail if they do not take the human element into consideration.

To have a robust cyber resilience strategy, organisations must embed cyber resilience into the culture and every aspect of operations. At the current pace of awareness and strategic prioritisation, South African organisations are falling further behind, and are unable to adequately withstand cyber-attacks.

Making sound strategic cyber resilience investments

Cyber threats are evolving at an alarming rate, making it imperative for organisations to adopt a strategic approach to embedding cyber resilience.

We aim to assist organisations address this on several levels, from organisation culture, policies, governance, and technology infrastructure, to making sound strategic cyber resilience investments.

In mid-2023, Kaspersky, a global cyber security company, reported that there was a notable increase in ransomware attacks in South Africa, with a significant rise of 10% over the previous quarter. Similarly, last year Interpol reported that South African organisations are the targets of 42% of ‘detected ransomware attacks’ in Africa.

In an environment fraught with cyber threats, resilience strategies must go beyond being reactive responses. They demand anticipation, response, and recovery. There is an urgency for organisations to have a full understanding of their threat landscape, aligning activities and investments with a structured programme for resilience.

Championing a culture of resilience

Many organisations lack a comprehensive and strategic approach to building cyber resilience, reacting to incidents rather than proactively preparing. There is a glaring disconnect between operational teams and executives as a major hurdle. The importance of leadership by example when building a cyber resilience culture are stressed.

Executives must champion a culture of resilience, aligning technology and cyber preparedness with the organisation’s goals. It is common to note the absence of executive participation in cyber awareness and education initiatives. If leaders do not take cyber resilience seriously, neither will their employees. Executives are failing to take a strategic approach in capacity building and bolstering processes that will bolster cyber resilience.

While South African organisations are making progress, the pace is very slow and restricted to certain industries that require public disclosure of cyber attacks. Regulatory gaps combined with general complacency are creating significant risks to South African organisations.

We cannot overstate the importance of taking proactive measures, and ensuring budgets and resources are allocated effectively to address cybersecurity risks. To take any other approach exposes organisations to extremely high levels of risk that could devastate infrastructure, data, operations, and profitability when they become targets of cyber criminals.


André Swart | Managing Director | Ziyasiza Consulting | mail me |

Edwin Mpofu | Head | Cyber Defence | Wolfpack Information Risk | mail me |




LEAVE A REPLY

Please enter your comment!
Please enter your name here