Most cyber breaches are caused by human error: cybersecurity depends on you too
- Cybersecurity is an increasingly relevant topic in all areas of life, both business and personal
- More and more global companies, such as Santander, have cybersecurity training programs and offer bonuses to employees who know how to detect cyber scams, such as phishing
- The lack of specialised skills in cybersecurity will be one of the most important challenges that organisations will have to face in the coming years
Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, marks Cybersecurity Awareness Month by highlighting the need for each and every individual to prioritise cybersecurity, in both their business and personal lives, in order to fend off the ever-increasing risk of cyberattack.
RELATED: The African Challenge: Cybersecurity awareness on the continent
For companies, cyber risks are increasing all the time. In fact, according to Check Point Research (CPR), attacks increased by 59% compared to last year. Here in Africa, the weekly average of impacted organisations in 2022 is 1 out of 21, with an organisation on the continent being attacked on average 1,896 times per week in the last six months.
A recent World Economic Forum report revealed that 95% of cybersecurity problems are caused by human error, and if you add the global cyber skills shortage to the mix, then you have the perfect storm for a cybercriminal. The 2021 (ISC)² Cybersecurity Workforce Study showed that we are lacking almost three million cybersecurity professionals worldwide.
In light of this, some organisations have started to implement cyber initiatives for their employees. For example, Santander, a multinational financial services company, recently launched an incentive scheme whereby employee responses to phishing attacks are considered as part of the overall company bonus policy.
Check Point Software has also implemented various training initiatives to boost cybersecurity skills in the workforce across Africa. In Kenya, together with Strathmore University, Check Point SecureAcademy runs free training sessions with lecturers and students. And since 2021 in Johannesburg, together with Get Informed and local partners, Check Point Software has been offering cybersecurity training courses and internships to under-privileged youth in the community.
Having people and staff that are well trained in cyber hygiene is one of the best foundations for good cybersecurity, and so, for Cybersecurity Awareness Month, Check Point Software provides some useful information to help companies identify attacks.
- Phishing: this is a technique that is often successful due to a lack of employee training. Often in the form of an email, it is when a cybercriminal will impersonate a colleague, company or institution to obtain personal data to then sell, use for identity theft or to launch further cyberattacks. It’s important to be careful when receiving emails, particularly any that include an unusual request. You should check the sender address is legitimate, check for grammar errors and any misspelled words, and don’t click on any unfamiliar links or open attachments.
- Malware: this is malicious software that is designed to harm a device or network. In order for it to be successful, the victim has to install such software on their computer, which is usually done by clicking on a malicious link that automatically installs it, but it can also enter through a file such as an image, document or video attachment. Again, it is crucial to be careful when receiving emails that contain links or files, and only download software from official stores.
- Ransomware: this is a type of malware attack that blocks access to systems unless a ransom is paid. For some time now, there has been double and even triple extortion ransomware, capable of blackmailing the victim’s customers too. Like malware, it usually enters a device through a link from a trusted company or a file downloaded to it. Therefore, it is very important not to download anything from an unknown user and utilise multi-factor authentication.
To avoid becoming a victim of phishing, malware and ransomware, Check Point recommends:
- Enabling two-factor authentication: sign into your accounts with both a password and one other method. It could be a question, biometric data or a one-time code sent to your device. This creates an extra layer of security that prevents an attacker from being able to access an account with just a password.
- Using strong passwords: using the same keyword for everything, or simple combinations such as ‘123456’ or ‘password’, is making it too easy for cybercriminals. There are now a multitude of platforms that can generate strong, difficult-to-guess passwords with upper- and lower-case letters, numbers and symbols. Although we can also create them ourselves, it’s important to remember to use different combinations for each service.
- Learning how to recognise phishing: when an attacker sends a phishing email, there are usually some common identifiable traits such as misspellings or the fact that it asks for credentials to be entered. A company will never ask for a customer’s credentials on email. If in doubt, always go to the official page or platform of the company you want to access.
- Always keeping software updated: it is always advisable to update to the latest version of a company’s software as this is the way that they correct security errors of previous versions.
“Cybersecurity Awareness Month is an important time to not only raise awareness of cyber-safety but to drive real action among individuals. Most cyberattacks occur because of human error so it is in our hands to improve cybersecurity, both at home and at work. This is an essential activity in which we all have a part to play,” says Pankaj Bhula, Regional Director for Africa at Check Point Software. “The term ‘If you are not part of the solution, you are part of the problem’ fits perfectly when it comes to cybersecurity and users.”