An organisation’s employees are the biggest cyber security threat to its operations if they are not adequately trained to combat cybercrime, Dele Aden Chief Executive Officer of Delta3 International, has said.
“When we think of cyber security threats, many of us conjure up images of shadowy figures conducting attacks from the privacy of their bedrooms. As hard as it might be to believe, though, an organisation’s biggest security risks actually its own employees,” he told the B&FT.
“Employees are a company’s greatest assets, but also its greatest security risk. If we look at security breaches over the last five years, it is pretty clear that employees, whether it is through accidental or intentional actions, represent the single most important point of failure in terms of security vulnerabilities,” he added.
Speaking at recent workshop organised by Delata3 International, in partnership with the Ministry of Communications, Mr. Aden urged organisations to undertake more education for employees to mitigate against cyber attacks.
“Education is prevention. Ensuring that every employee is aware of the potential threats they could face, whether it is a phishing email or using an insecure network, could be the difference between getting hacked, and avoiding the risk altogether.
Organisations wishing to mitigate such risks must stretch beyond traditional methods of cyber security awareness, such as computer-based education, emails and posters. Instead, the aim should be to create a cyber security culture through staff awareness training,” he added.
The 2017 Cyber security breaches survey by the Department for Culture, Media and Sports, United Kingdom, shows that 72percent of reported cases of cyber security breaches occur after a staff member receives a fraudulent email, but, only 20percent of staff surveyed had attended any form of cyber security training.
According to a recent BBC report, cybercrime is Africa’s ‘next big threat’ to business growth and prosperity. The report concluded that the importance of regular cyber security awareness training for all computer and mobile phone users in an organisation has never been greater.
Data from the 2016 Africa Cyber Security Report, authored by Serianu, an information technology services and business consulting firm, in conjunction with United States International University-Africa’s Centre for Informatics Research and Innovation, says Africa lost US$2billion to cybercrime with Ghana losing US$50million.
Never pay hackers when attacked
Mr. Aden advised companies to never pay hackers when their websites are breached as that could make them vulnerable to more attacks in the future.
When delegates at the workshop, debated whether to pay hackers or not to pay them because of the information they are scared to lose, Mr. Aden noted that hackers can’t be trusted and might not give back the data lost to them or even attack often since they know they can get financial returns.
"Best advice is, do not pay to ransomware, call in the experts and call in the law agencies. Please do not pay to ransomware. Because if you pay, you are encouraging them to do it more so they going to come back. If you pay, they may not give you the encryption key so you may not get your data back. If you pay, you are enriching them, they go back and get even more determined. So don’t pay is the advice,” he cautioned.
Source: Bernard Yaw Ashiadey l thebftonline.com l Ghana