Assessing the human equation in the cybercrime epidemic
- June 25, 2018
Opinion piece by Nicol Mullins, principal consultant at Mercer Consulting South Africa
Cybercrime is rampant in South Africa. In a 2017 report, Gartner predicted that cybercrime might become the greatest threat to every person, place, and thing in the world within the next five years. The recent data breach at Liberty is testament to this. The company recently reported that hackers had infiltrated its IT system and had threatened to reveal critical customer data should a ransom not be paid. In another breach, close to a million (934,000) personal records of South Africans have reportedly been publicly exposed online, following what appears to be a governmental leak.
On closer inspection, a common vulnerability linked to cybercrime has been the human factor. Local findings have shown that one in three South African businesses has been hit by cybercrime, with this type of crime proving that people are the weakest link in this modern phenomenon. This was echoed by Symantec, which states that, of the attacks that were reported locally, one in every 214 emails sent in South Africa was actually a spear phishing attack, which is the fraudulent practice of sending emails purporting to be from a known or trusted sender.
From a business perspective, elements that are therefore tightly linked to the rise in cybercrime are Bring Your Own Device (BYOD) and flexible workforces. Today employees are using their personal devices for both personal and professional reasons. These same employees place businesses at risk by not having the right firewalls in place, not updating passwords and even opening suspect emails, which provide hackers with the key to company infrastructure. These risks are further exacerbated by the fact that many organisations have no defined security policies in place and that employees view IT security as a barrier rather than an enabler for business.
With employees at the heart of these vulnerabilities, HR professionals need to play a greater role in countering these potential threats. In order to tackle the issue head-on, HR professionals may consider these steps:
Defining the rules when working from home
The 2018 Mercer Talent Trends report revealed that 82% of executives say that flexible working is essential to their core business operations. As a result, the rise of the BYOD era is inevitable. HR professionals need to ensure that the right policies are in place to enable this trend to evolve within a South African context. Employees should understand the need to keep their security software up to date.
Keeping abreast of security policies
HR professionals should also be made aware of the implications of the Protection of Personal Information Act (PoPI). With the introduction of the Act, local businesses are now legally required to ensure that all client, supplier and employee information is stored, processed and destroyed in a manner that upholds privacy and protection of personal data. This includes sensitive employee data that should not fall into the wrong hands.
Understanding the potential risks posed by employees
The ‘2017 IBM X-Force Threat Intelligence Index’ report findings showed that 60 percent of cyber-attacks are the result of internal activities. HR professionals should therefore not only educate employees about the risks of cybercrime, but also have policies in place for employees who do not adhere to the rules.
Ultimately, the global cost of cyber-crime to businesses over the next five years is expected to be US$8 trillion. Clearly, failure to take the reality of the cyber-threat seriously would be reckless. By embedding policies and rules to manage the era of BYOD, while educating employees about the risks of the digital age, HR professionals can assist in mitigating the risk for good.