As Kenyan companies wrestle with growing cybersecurity threats, the weakest link is their own employees, experts have warned.
“Employees prefer convenience over security. This is where a majority miss the mark. On the other hand, many are not aware of the consequences of their convenience and this is why companies need to train their employees," says Michael Kangethe, a lecturer at KCA University and also a software developer and a cyber-security consultant.
He says many employees are not aware of the huge risk associated with a data breach. Cybercriminals go after employees by identifying their weaknesses such as how they handle the company property and their day-to-day life.
“Cybercriminals identify one employee and monitor their movement for a while. After they have noticed some weaknesses, they attack. The weaknesses can be in the form of where they drink, how they handle the company’s property and how they spend money. This is why employees need to be trained,” he says.
Mr Kangethe adds that apart from training the employees, there is a need for companies to create technical security policies.
“A company can decide to create a policy where at 5 pm, no one can access the system. Such technical cybersecurity policies can also help,” he adds.
Tyrus Muya, a cyber security consultant specialising in leadership, governance, risk and compliance says cybersecurity training should begin with the top executives and to subordinates.
Top executives need to be alive to growing threats and tighter regulations.
“Employees are the weakest link from simple to complex attacks. A majority of top executives are also ignorant about cyberattacks. They should also be trained,” says Mr Muya.
With the increasing number of cyberattacks worldwide, there is a need for companies to invest in training employees on cybersecurity and data breach matters.
This is because one mistake from a single employee might cost a company millions of shillings.
A report released by Kaspersky titled IT Security Economics survey shows that data leakages of internal systems caused either by cyberattacks (20 percent) or employees (21 percent) in the Middle East, Turkey, and Africa (META) region are the most concerning security issue.
Heightened concerns over data protection increasingly also turn business leaders’ attention to the transparency policies of their suppliers.
Global digitalisation has inevitably led to massive amounts of data being shared and stored online.
According to the latest estimates, the volume of data generated, consumed, copied, and stored is projected to reach more than 180 zettabytes by 2025.
Although such huge data may land in the hands of different people, the big question remains to be the safety of the data.
Kaspersky’s global research, conducted among IT decision-makers, shows a loss or exposure of corporate and customer information because of a data breach is a major headache for companies – 55 percent of respondents from organisations of all sizes in the META region named this issue the most challenging aspect related to IT security.
Among other most common concerns are the cost of securing increasingly complex technology environments and issues with cloud infrastructure adoption with 43 percent and 39 percent share respectively.
Thinking more specifically about the most distributing security challenges, respondents from the META region mostly indicated leakage of data from internal systems caused by cyber-attacks (20 percent) and by employees (21 percent).
Globally, these incidents have stopped identifying vulnerabilities in a company's IT system and incidents affecting IT infrastructure hosted by a third-party noted by 20 percent and 19 percent respectively.
Given that data protection has turned into the most alarming business security issue, companies are now attaching considerable importance to their suppliers’ and contractors’ transparency policies.
Of those questioned in the META region, 96 percent consider the presence, or absence of transparency policies to be important for going into business with a supplier or contractor.
And while 81 percent of surveyed organisations already have transparency policies in their organisations, 82 percent confirmed their readiness to invest resources in developing it further.
“Today, we see organisations are being more conscientious when it comes to data security and that a responsible approach towards data management is becoming essential when considering suppliers and contractors. To help their customers and partners ascertain that the required standards for ensuring data security are applied, more and more companies are adopting transparency policies,” noted Yuliya Shlychkova, the head of Public Affairs at Kaspersky.
To minimise the risk of any attacks and data breaches for businesses, one can use end-point protection with a proven track record providing capabilities for threat detection and response.
In addition, managed protection services will help organisations with their attack investigation and expert response.
Comprehensive cybersecurity awareness training teaching on how to avoid common security threats is also required to reduce the likelihood of incidents caused by employees.
