by Adv. Lufuno T Khorommbi (Ms), Cyber Law Consultant and MD of Orizur Consulting Enterprise
Have you ever wondered why some businesses are more vulnerable to cyber-attacks than others? In the 4th Industrial Revolution (4IR) where everything is connected to everything, information has become the most valuable asset for every organization, big or small. It is unfortunate, however, that though cyber threats are growing both in their prevalence and in their disruptive potential, cyber security remains an afterthought for many organisations.
According to IBM, companies lose on average $2,5 million every time they get hacked, through financial loss, reputational damage, harm to customer relations, and operational costs. Lessons could be learned from some of the recent examples of the devastating impact of these attacks, which include, amongst others, Johannesburg City Power, Liberty, and the City of Johannesburg in South Africa.
Employees are considered central to an organization’s ability to operate safely and securely; yet employees are also amongst the major contributors to organisations’ online vulnerabilities. Cyber-attacks that are unintentionally enabled by unaware, untrained, unskilled employees are on the increase. The PwC Global State of Information Security Survey 2018 Report reveals that over 90% of all successful attacks are the result of information unknowingly provided by employees. The Survey Report also reveals that despite the 58% increase in the number of employee-related security breaches, cyber security awareness training and education remain an afterthought for many organizations.
With cyber-attacks against both corporates and public sector institutions on the rise, employees’ training and education is one of the critical success factors in creating a cyber compliant environment, because it provides them with vital information on how to respond appropriately to the most up-to-date cyber security threats. Informed employees contribute to a cyber aware organizational environment whilst reducing cyber security risks. Undeniably, employees are central to an organization’s ability to operate safely and securely.
It is important that when we are online, we become cyber security savvy, and know how to behave online and consistently practice good behaviour. Otherwise, we become vulnerable to cyber-attacks.
A cyber-attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems.
One of the most grievous cyber-attacks is the insider threat. Not every network attack is performed by someone outside an organization. Inside attacks are malicious attacks performed on a computer system or network by an individual authorized to access the system. Insiders who carry out these attacks have the edge over external attackers since they have authorized system access. They may also understand the system policies and network architecture. Furthermore, there is less security against insider attacks since most organizations focus on defending against external attacks.
Insider threats can affect all elements of computer security and range from injecting Trojan viruses to stealing sensitive data from a network or system. The attackers may also affect the system availability by overloading the network or computer processing capacity or computer storage, resulting in system crashes.
Therefore, as much as organisations put efforts into curbing cyber-attacks, there is a clear need to put more emphasis on insider threats.
Adv. Lufuno T Khorommbi (Ms) is a specialist Cyber Law Consultant and the Managing Director of Orizur Consulting Enterprise. Her expertise lies in cyber law, cyber security, IT Procurement, Contract Management, Research and Policy Management. She is a Mentee of the Cherie Blair Foundation Global Women’s Mentoring Programme; a Member of South Africa Institute of Intellectual Property Law; a MICT SETA 4IR Advisory Committee Member; LLM specialization in IT Law; Certified in CIO Practice; she holds a Certificate in Cyber Security and a Certificate in Legislative Drafting. Find out more by visiting Lufuno’s website www.orizur.co.za