By Gert Janzen, product manager at SEACOM
South Africa’s corporate and public sectors are under immense pressure to uphold the security practices and values that go together with digital transformation. As industries evolve, so too does the nature of the threats they face. Cyberattacks are predicted to cost South Africa around R2,2 billion in 2024 and a recent survey of IT and cybersecurity decision-makers found that 50% of local organisations have experienced up to four attacks over the past year.
Given this prevalence, it’s imperative that enterprises make security a defining characteristic of their IT operations as well as their workplace culture. Eliminating vulnerabilities throughout the organisation starts by equipping people with the knowledge and tools to protect themselves – thus establishing a benchmark for themselves as well as their greater industries.
Understanding the human factor
The simple truth is that, when it comes to the threats or incidents that businesses may typically face, human error will likely be the cause. Research has shown that human error can be a contributing factor in as much as 95% of all security incidents and, according to the Proofpoint 2024 Voice of the CISO report, almost three quarters (74%) of surveyed CISOs identify it as the most significant vulnerability.
Incidents caused by human error boil down to unintentional actions or lack of action on the part of personnel. Errors can be skills-based or decision-based. An example of the former is incorrectly configuring a firewall or security setting on a server. An example of the latter is mistaking a phishing email for a legitimate one. There are many more examples including reusing or relying on weak passwords, unauthorised application installations and exposure of sensitive data and missing security patches and unprotected devices.
Facing all these potential kinds of vulnerabilities, enterprises need to go to the root cause. In other words, they must make security a fundamental component of their culture and an enshrined characteristic of their human resources.
Security as culture
Best practice for building an effective security culture in any organisation is to promote a sense of responsibility and accountability where every employee feels a level of responsibility towards the digital safety and integrity of the business. Second to this is enshrining continuous learning and adaptation. Employee training should go above and beyond basic awareness and include simulations and hands-on training that exposes people to real-life scenarios, establishing protocols and standard response procedures against perceived or ongoing threats.
Where applicable, organisations should also centralise their cybersecurity functions in the form of a dedicated team or operations centre. While security may be a shared responsibility throughout the workforce, a department whose priority is to monitor, detect and respond to cyberthreats goes a long way in reinforcing the overall security posture of the organisation. Centralised and dedicated security is also a key benefit of outsourcing your cybersecurity needs to a managed services provider.
Technology as an enabler
With the human factor taken care of, South African enterprises need to focus on their portfolio of cybersecurity solutions and the products and services that make up that portfolio. At a time when businesses are increasing their cyber budgets, they can leverage sophisticated tools such as security information and event management (SIEM) systems, secure access service edge (SASE) and endpoint protection and response (EDR), which combine to create a comprehensive layer of security and oversight across their networks. These and other technologies are additional to traditional tools and processes such as antivirus software, data encryption and email filtering and anti-spam programs, which are all essential for organisations of all shapes and sizes.
Security technologies and solutions that encompass all infrastructure components are the foundation on which businesses build their security culture and enable them to operate, grow and transform with assurance and peace of mind. Whether managing security yourself or with the help of trusted vendors, by removing the potential for human error and investing in solutions that upgrade your security arsenal, organisations can better secure their success in the digital age.