The lack of specialised skills in cybersecurity will be one of the most important challenges that organisations will have to face in the coming years.
There is a growing need for each and every individual to prioritise cybersecurity, in both their business and personal lives, in order to fend off the ever-increasing risk of cyberattack.
For companies, cyber risks are increasing all the time. In fact, according to Check Point Research (CPR), attacks increased by 59% compared to last year. Here in Africa, the weekly average of impacted organisations in 2022 is 1 out of 21, with an organisation on the continent being attacked on average 1,896 times per week in the last six months.
A recent World Economic Forum report revealed that 95% of cybersecurity problems are caused by human error, and if you add the global cyber skills shortage to the mix, then you have the perfect storm for a cybercriminal. The 2021 (ISC)² Cybersecurity Workforce Study showed that we are lacking almost three million cybersecurity professionals worldwide.
In light of this, some organisations have started to implement cyber initiatives for their employees. For example, Santander, a multinational financial services company, recently launched an incentive scheme whereby employee responses to phishing attacks are considered as part of the overall company bonus policy.
Check Point Software has also implemented various training initiatives to boost cybersecurity skills in the workforce across Africa. In Kenya, together with Strathmore University, Check Point SecureAcademy runs free training sessions with lecturers and students. And since 2021 in Johannesburg, together with Get Informed and local partners, Check Point Software has been offering cybersecurity training courses and internships to under-privileged youth in the community.
Having people and staff that are well trained in cyber hygiene is one of the best foundations for good cybersecurity, and so, for Cybersecurity Awareness Month, Check Point Software provides some useful information to help companies identify attacks.
- Phishing: this is a technique that is often successful due to a lack of employee training. Often delivered by email, it involves a cybercriminal impersonating a colleague, company or institution to obtain personal data, which is then sold, used for identity theft or used to launch further cyberattacks. It’s important to be careful when receiving emails, particularly any that include an unusual request. You should check that the sender address is legitimate, check for grammar errors and any misspelled words, and not click on any unfamiliar links or open attachments.
- Malware: this is malicious software that is designed to harm a device or network. In order for it to be successful, the victim has to install such software on their computer, which is usually done by clicking on a malicious link that automatically installs it, but it can also enter through a file such as an image, document or video attachment. Again, it is crucial to be careful when receiving emails that contain links or files, and to only download software from official stores.
- Ransomware: this is a type of malware attack that blocks access to systems unless a ransom is paid. For some time now, there has been double and even triple extortion ransomware, capable of blackmailing the victim’s customers too. Like malware, it usually enters a device through a link from a trusted company or a file downloaded to it. Therefore, it is very important not to download anything from an unknown user and to utilise multi-factor authentication.