The cybersecurity landscape is constantly changing, with malicious actors always on the move to devise new ways to target individuals and organisation. As such, the complexity of attacks continues to grow, as outlined in several industry reports.
The cost of attacks is increasing, too, raising concerns across the industry, underscoring the need for a plan to mitigate these technology-facilitated risks. People and organisation should therefore be more concerned.
In its report on the changing cybersecurity landscape in Africa, KnowBe4 highlighted a shift in behaviours on how people are increasingly becoming concerned about the impending invisible threats.
The latest Security Culture and Credential Sharing report highlight how improving an organisation’s security culture can help reduce risks.
Social engineering (where hackers trick employees into giving sensitive information that is used to bypass an organisations security protocols), according to the report, was vital to most successful hacker attacks in 2020.
The report, which studied the impact that security culture has on secure behaviour, empirically found a strong link between the two. It underscores the need for solid security cultures to mitigate human risk, which cost organisations millions of dollars annually.
Over the years, organisations have primarily focused on two tenets of the total three in the security triad — process and technology. The third factor, people, plays an equally important role in security, yet it has largely been ignored.
People are often the weakest link, says Anna Collard, SVP Content Strategy and Evangelist, KnowBe4 Africa.
“By improving your security culture, you are immediately improving employee behaviour and potentially plugging one of the biggest security gaps in every business – people.”
The report found a massive 52x difference between a poor and best security class in people sharing credentials during a simulated phishing attack.
It encourages every organisation to put a security culture programme focusing on the seven dimensions of security culture. The seven dimensions include attitude, behaviour, cognition, compliance, communication, norms and responsibility.
The importance of the security culture programme is to help organisations build a solid security culture with longevity and relevance.
“The more that the business focuses on security culture, the more likely it is that employees will follow secure practices and adopt more secure behaviours,” Collard concludes.