Following the recent data breach in South Africa, HEINO GEVERS, Customer Experience Director at Mimecast, has outlined three tips for creating an effective cybercrime training initiative essential for companies.
Recent statistics released by Vanson Bourne and Mimecast show that less than half of South African companies are completely confident with the staff training they currently have in place to counter email cyber-attacks. As many as 46% only have some confidence and 6% have very little confidence. This is alarming, given that email phishing or spear fishing is responsible for more than 90% of all breaches.
While it’s essential for companies to invest in security technology to mitigate incursions and limit the damage of successful attacks, it only takes a single compromised email for a cybercriminal to breach an organisation’s perimeter. To ensure that money invested in email-security isn’t going to waste, companies will have to implement an effective awareness and training programme for staff.
Here are a few tips to consider when implementing this programme:
- Recognise the importance of leadership
Select leaders across the entire organisation to champion the importance of cybersecurity. The champion should have the trust and the ear of the executive team and must be able to secure the necessary financial and human resources.
A project leader or manager handles the strategic and tactical work of a team charged with developing and executing cybersecurity communications and training. Build out the team with employees from different departments and at different organisational levels to ensure a diversity of insights during the planning process. This also shows employees that this is truly an all-organisation endeavour.
It’s especially important to have someone from training and learning/human resources and public relations on the team since they are your internal experts on teaching and communicating.
Year-round communication is vital, so the message doesn’t lose its effectiveness. According to the Vanson Bourne and Mimecast research, only 21% of responding organisations in South Africa offer cybersecurity training monthly or more regularly, and more than a third only train employees annually or less frequently than that. It’s up to the champion to keep cybersecurity top of mind, with continuous training, throughout the year.
- Assess your capabilities and understand your risk
A complete audit of your cybersecurity is the best way to understand the kinds of threats your organisation faces and will give you a clear sense of vulnerability. Your IT team may be able to perform these tasks, but it’s crucial that you work with an outside vendor that specialises in email cybersecurity, or cybercrime prevention in general.
It’s important for all staff to be familiar with different forms of cybercrime and to understand how they work. This includes techniques such as ransomware like the infamous WannaCry, whaling and email wire transfer fraud. You need to know what to look for and how to prevent such targeted attacks.
- Focus on the priorities first
It’s important that you develop awareness and training programmes that address known and/or anticipated threats first. That way you can successfully protect your organisation’s network, without putting a large drain on resources. At the same time, you don’t want to create an environment of fear and anxiety, where users think cybersecurity is too big to handle and are scared away from best practices.
A successful cybersecurity campaign can do wonders for your organisation, potentially saving you from disaster. Smart security technology is still your number one priority, but ultimately, your organisation is as vulnerable as your most unassuming end user.
Kenya tool to help companies prepare for emergencies
After its team members survived last week’s Nairobi terror attack, Ushahidi decided to release a new preparedness tool for free, writes its CEO, NAT MANNING
On Tuesday I woke up a bit before 7am in Berkeley, California where I live. I made some coffee and went over to my computer to start my work day. I checked my Slack and the news and quickly found out that there was an ongoing terrorist attack at 14 Riverside Complex in Nairobi, Kenya. The Ushahidi office is in Nairobi and about a third of our team is based there (the rest of us are spread across 10 other countries).
As I read the news, my heart plummeted, and I immediately asked the question, “is everyone on my team okay?”
Five years ago Al-Shabaab committed a similar attack at the Westgate Mall. We spent several tense hours figuring out if any of our team had been in the mall, and verifying that everyone was safe. We found out that one of our team member’s family was caught up in the attack. Luckily they made it out.
At Ushahidi we make software for crisis response, including tools to map disasters and election violence, and yet we felt helpless in the face of this attack. In the days following the Westgate attack, our team huddled and thought about what we could build that would help our team — and other teams — if we found ourselves in a similar situation to this attack again. We identified that when we first learned of the attack, nearly everyone at Ushahidi had spent that first precious few hours trying to answer the basic questions, “Is everyone okay?”, and if not, “Who needs help?”
People had ad-hoc used multiple channels such as WhatsApp, called, emailed, or texted. We had done this for each person at Ushahidi (their job), in our families, and important people in our community. Our process was unorganised, inefficient, repetitive, and frustrating.
And from this problem we created TenFour, a check in tool that makes it easier for teams to reach one another during times of crisis. It is a simple application that lets people send a message to their team via SMS, Slack, Voice, email, and in-app, and get a response. It also works for educational institutions, companies with distributed staff, as well as part of neighbourhood networks like neighbourhood watches.
This week when I woke up to the news of the attack at Riverside, I immediately opened up the TenFour app.
Click here to read how Nat quickly confirmed the safety of his team.
Kia multi-collision airbags
The world’s first multi-collision airbag system has been unveiled by Hyundai Motor Group subsidiary KIA Motors, with the aim of improving airbag performance in multi-collision accidents.
Multi-collision accidents are those in which the primary impact is followed by collisions with secondary objects, such as other vehicles, trees, or electrical posts, which occur in three out of every 10 accidents. Current airbag systems do not offer secondary protection when the initial impact is insufficient to cause them to deploy.
However, the multi-collision airbag system allows airbags to deploy effectively upon a secondary impact, by calibrating the status of the vehicle and the occupants.
The new technology detects occupants’ positions in the cabin following an initial collision. When occupants are forced into unusual positions, the effectiveness of existing safety technology may be compromised. Multi-collision airbag systems are designed to deploy even faster when initial safety systems may not be effective, providing additional safety when drivers and passengers are most vulnerable. By recalibrating the collision intensity required for deployment, the airbag system responds more promptly during the secondary impact, thereby improving the safety of multi-collision vehicle occupants.
“By improving airbag performance in multi-collision scenarios, we expect to significantly improve the safety of our drivers and passengers,” said Taesoo Chi, head of the Hyundai Motor Group’s Chassis Technology Centre. “We will continue our research on more diverse crash situations as part of our commitment to producing even safer vehicles that protect occupants and prevent injuries.”
According to statistics by the National Automotive Sampling System Crashworthiness Data System (NASS-CDS), an office of the National Highway Traffic Safety Administration (NHTSA) in USA, about 30% of 56,000 vehicle accidents from 2000 to 2012 in the North American region involved multi-collisions. The leading type of multi-collision accidents involved cars crossing over the centre line (30.8%), followed by collisions caused by a sudden stop at highway tollgates (13.5%), highway median strip collisions (8.0%), and sideswiping and collision with trees and electric poles (4.0%).
These multi-collision scenarios were analysed in multilateral ways to improve airbag performance and precision in secondary collisions. Once commercialised, the system will be implemented in future new KIA vehicles.