
Maintaining a human firewall

THE PERILS OF cybercrime are only becoming more prominent as Africa continues to find its feet in the digital age, posing a real threat to businesses looking to establish themselves in this new environment.

According to global cybersecurity and digital privacy company, Kaspersky, 40% of industrial control systems (ICS) computers were attacked with malware throughout 2022. In Africa specifically, this figure sits at 47%, with Ethiopia (62%), Algeria (59%) and Burundi (57%) experiencing the most attacks on ICS infrastructure. Other stand-outs included Rwanda (46%), Kenya (41%), Nigeria (40%), Zimbabwe (40%), Ghana (39%), Zambia (38%), South Africa (36%), and Uganda (36%). This represents a high-growth threat landscape, says Kaspersky, that no public or private sector entity – especially in critical areas such as energy and mining – can ignore.

“One infected USB drive or a single spearphishing email is all it takes for cybercriminals to bridge the air gap and penetrate an isolated ICS network. Traditional security is not adequate to protect industrial environments from rapidly evolving cyber threats. As attacks against critical infrastructure increase, choosing the right approach to secure systems has never been more important,” remarks Brandon Muller, Kaspersky tech expert and consultant in the Middle East and Africa region.

“Despite all the innovations in modern cybersecurity solutions, human error still plays a significant role in compromising ICS systems. As such, it needs to be managed much more proactively than what is currently happening.”

According to Kaspersky, building this requires the right security awareness and training solutions that go beyond basic training. These should deliver training that is easily digestible, practical, and memorable. Beyond that, sector-specific interventions should be considered.

“It is a holistic approach towards ICS cybersecurity that incorporates hardware, software, and user awareness training components that will result in a hardened defensive posture around all aspects of OT security processes,” says Muller.

A cyber-conscious culture

The importance of proper training is reiterated by Michael Heering, marketing director, global field marketing at the SANS Institute, a company which specialises in information security, cybersecurity training and certificates.

He comments, “Training the workforce is critical in creating a strong cybersecurity culture and effectively mitigating cyber threats. All employees, both technical and non-technical, should receive regular training to understand the risks and identify threats. Continuous learning is vital, as even experienced security professionals can fall victim to the latest phishing scams. To stay ahead of cybercriminals, organisations must invest in ongoing education, training, and certification programmes for their personnel.”

Heering continues, “Adopting new technologies and initiatives is crucial for organisations to tackle cyber threats effectively. This includes implementing advanced security solutions like artificial intelligence (AI) and machine learning (ML) to detect and respond to threats in real-time. Furthermore, embracing a zero-trust security model can help minimise the attack surface by limiting access to sensitive data and systems.

“Collaboration between industry partners, governments, and law enforcement is essential in sharing threat intelligence and developing effective countermeasures. Initiatives like information sharing and analysis centres can facilitate this collaboration, helping organisations respond to threats more efficiently,” Heering concludes.
