Thank you for signing up!

Thank you for signing up for our newsletter. It's a great way to stay up to date with everything about Grove Group.

Lessons learnt from South Africa’s most recent cyber attacks: Lesson 4

Accountability and Responsibility

Sticking your head in the sand or ignoring the problem, hoping that it will go away, is not helpful. There needs to be accountability and responsibility from leadership to protect their digital assets and employees from cyber attacks.

“Organisations who undergo digital transformations often make significant productivity gains, via increased speed and access to data, more rapid data analysis, and related data storage cost savings,” says Krishna Radhakeesoon, Partner at BDO in Mauritius. “However, many of these same organisations have encountered costly cyber attacks in the form of socially-engineered spear-phishing attacks, business email compromise or spoofing attacks, and/or ransomware attacks. This is a symptom of inadequate or reactive cyber security approaches during their digital transformation. Thus, it’s important for organisations to realise that, as part of their cyber strategy, they have to implement unique cyber defence solutions before the attack happens!”

Board members need to recognise and be accountable for cybersecurity as a core business risk. Security leaders need to recognise that a new approach to cybersecurity is key to de-risking the threat of a major cyber attack. Very importantly, resource constrained security teams need to be enabled with tools that help them be better rather than limiting them to continue putting out fires, and not building up efficient mechanisms to handle the defense.

This is unfortunately sometimes limited by the availability of sufficiently skilled cyber resources that are affordable for some organisations, leaving them debating whether to build internal capabilities or to outsource. Coupled with the investment in cybersecurity which is often insufficient, this leaves existing IT security teams constrained and overwhelmed.

But the investment does not only need to focus on infrastructure and software solutions, but also on cyber awareness training. Human Error is a significant contributor to cyber attacks, accounting for more than 90% of attacks, and continuous training is an integral part of a robust cyber defence.

“There simply isn't enough budget or resources assigned to cybersecurity,” says Johann Kritzinger, Head of Cybersecurity Deployments at Grove. “While uptime and productivity are obviously extremely important to any organisation, all of that becomes useless if the organisation is in the grips of a cyber attack. There needs to be a serious paradigm shift in thinking when signing the all important bottom line on IT Budgets. Spending the money now will save the organisation a lot more in the future."

Sources:

  1. Insight into the cyber threat landscape in South Africa
  2. Forrester Report on The Emergence of Offensive AI
  3. Phishing from the inside: Microsoft 365 account hijack
  4. Darktrace Antigena: The Future of AI-Powered Autonomous Response
  5. The State of Email Security 2020
Tags:

Recent Tweets