The banking sector and its clients incurred losses of more than R1 billion in 2022 as a result of card fraud, ATM bombings and ‘vishing’ incidents, among others. (Getty Images)
Despite advanced technological safeguards, the human element remains one of the weakest links in cybersecurity. In the rush of daily life, the importance of vigilant online behaviour is often overlooked.
The shift to remote and hybrid work models during the pandemic has created major new cybersecurity challenges for South African businesses. With employees increasingly working outside the office and relying on personal devices, companies are being forced to rethink their cyber defences. Recently, a new piece of ransomware was discovered locally, targeting healthcare and education with demands of up to R14 million.
Cybersecurity to be prioritised
“As organisations and end users rely on digital tools to remain productive in a hybrid work environment and to conduct their personal business, cybersecurity must become a priority,” says Reza Joseph, Product Manager at ITC consultancy firm Itec.
Reza Joseph – Product Manager Integrate & NEC at Itec
Joseph says the nature of remote work means that the perimeters of the corporate network have expanded exponentially, which makes securing endpoints and devices more important than ever. “Every single endpoint poses a potential risk and must therefore be kept as secure as possible. Furthermore, it is vital to protect the employee devices from malicious users employing sophisticated social engineering techniques,” he explains.
Itec’s Ria Mey says companies can start by ensuring basic perimeter security such as firewalls are installed before expanding protection: “People must start realising the risks associated with unsecured mobile devices. Smartphones need cybersecurity solutions in place, as they provide a key access point to the corporate network.”
Mey says the fundamentals of cybersecurity become even more critical for hybrid and remote workers.
Incorporate user awareness training
For remote workers, even basic steps to safeguard networks are essential. “Changing passwords and keeping software up to date with the latest patches can make a massive difference to the cybersecurity stance of a company,” Mey notes. “We are seeing a lot of phishing attacks targeting emails, which means that in addition to hardware and software solutions, user awareness training must be incorporated into an effective cybersecurity strategy.”
Ria Mey – Pre-Sales & Product Manager Digital Transformation & Network Security at Itec
Gone are the days when cybersecurity can be seen as the sole responsibility of IT professionals and security experts. Experts agree that training programmes and awareness drives are a critical first step in safeguarding systems, teaching employees how to identify and respond to potential threats. Simple practices like using strong, unique passwords, enabling multi-factor authentication, and being cautious about suspicious emails can go a long way to safeguarding digital spaces.
While ransomware and phishing remain major threats, Mey says new risks are also emerging. “Cloud-based threats have grown in magnitude and sophistication. Just because a company is using a cloud service provider does not automatically mean its data is safe when employees access it remotely,” she says.
Important to stay one step ahead
Although advances in technology come with new threats, these innovations also provide powerful tools to combat them. Artificial Intelligence and machine learning algorithms are being deployed to identify and mitigate threats in real time. Blockchain technology is revolutionising data security and privacy. By staying abreast of these innovations, companies and individuals can ensure that they remain one step ahead of those looking to exploit these advances for nefarious purposes.
Penetration testing exercises in hybrid environments should be undertaken to identify vulnerabilities and mitigate risks. “A penetration testing exercise is ideal for a business that wants to get a better understanding of its cybersecurity footprint,” Joseph explains.
According to Joseph, partnering with cybersecurity experts is ultimately the best way for companies to lock down hybrid workforces and remote access. “With the workplace landscape changing so rapidly, companies that fail to adapt their cyber defences are leaving themselves dangerously exposed.”