Strong firewall? Don't feel so secure

accreditation

Stellenbosch - Most companies are focusing primarily on physical cyber security barriers like firewalls, while forgetting the potential risk posed by their employees' behaviour, says Gundu Tapiwa of the Sol Plaatje University in Kimberley.

"Humans hold the keys for cyber criminals to unlock the door to your company that you think you have locked sufficiently," he cautioned during a presentation at the 14th International Conference on Cyber Warfare and Security, hosted by the University of Stellenbosch and the CSIR.

Curiosity killed the cat

Research shows that about 49% of employees would fall into the "naïve" category, Tapiwa said.

Furthermore, he added, his own research found that many employees who indicated during a cyber awareness campaign that they would act in the appropriate manner to avoid a cyber security breach, still went ahead and took risky actions under test conditions.

For instance, when he placed random software in plastic bags at a business, almost all the employees ended up inserting the flash discs into the company computers to see what they contained.

"You cannot totally eliminate risk, but you have to try to limit it to an acceptable extent," he said.

His research further showed that the effectiveness of a cyber security awareness campaign – aimed at giving employees knowledge only – would still be questionable.

Non-compliance by employees still persisted even after they had completed the campaign, he found.

Get around the human factor

"Companies should, therefore, find ways to get the human factor to behave in a cyber secure way," said Tapiwa.

"Employers should not just assume that employees will follow the prescribed behaviour. I tested them and, although their intentions sounded good, in the end their actual behaviour was different – risky."

That is why, in his view, there should be some form of consequence for employees who put the company at risk with their cyber interactions. It could even include impacting their salaries, he believes.

"My research showed the cyber challenges caused by employee behaviours – whether they behaved in a cyber risky way knowingly or unknowingly.

"And even if they were aware that they were behaving in a cyber risky way, it seems many still might not want to change their behaviour," said Tapiwa.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Rand - Dollar
15.55
-0.5%
Rand - Pound
20.83
-0.6%
Rand - Euro
17.32
-0.4%
Rand - Aus dollar
10.86
+0.2%
Rand - Yen
0.13
-0.3%
Gold
1,789.82
-0.4%
Silver
22.54
-1.0%
Palladium
2,282.50
-3.9%
Platinum
1,003.50
-2.2%
Brent Crude
89.34
-0.7%
Top 40
66,676
-0.6%
All Share
73,087
-0.6%
Resource 10
74,273
-1.1%
Industrial 25
90,198
-0.3%
Financial 15
15,023
-0.3%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot