Head of Security Research at Orange Cyberdefense, Charl van der Walt, has disclosed that most security breaches are caused by simple lapses.
According to the Managing Director of KnowBe4 Africa, Anna Collard, Walt stated this in his keynote speech at the inaugural Africa Cyber Security Culture Conference 2020 in South Africa.
The event organised in June by KnowBe4 Africa gathered industry experts from Kenya, Nigeria, Uganda, Norway, United States and South Africa to discuss security culture and the impact of the Coronavirus Disease around the globe.
In a statement on Monday, Collard enthused that the event exceeded expectations.
“We expected maybe 200 delegates, and we ended up with 1,300 people registering to attend,” she said. “They came from all over the world, not just Africa, and engaged in conversations that helped shape the picture of security on the continent and in preparing for a more secure future.”
The keynote speaker had asserted that despite everything, simple security failures like poor patching, basic security hygiene and human error were the causes of most security breaches.
“People are more vulnerable working from home and the company has limited control over devices and environments, which is further increasing vulnerabilities. And the cybercriminals are exploiting this,” he added.
Managing Director at CLTRe, Kai Roer, shared the possibility of using scientific survey models to measure security culture and how it could be tracked over time.
Done over multiple organisations, worldwide, the data reflected that African users were more conservative than American users and that if a business wants to impact security culture, it has to measure it.
“Lynne Moses, Information Security Governance Specialist at First National Bank, spoke about the tools she uses to measure return on investment into security and culture,” said Collard. “She assesses security culture across 45,000 end users across multiple African countries at the beginning and the end of the year to compare people’s behaviours and how they’ve either improved or deteriorated. This makes it easier to prioritise what security principles – like compliance or phishing – have to be prioritised.”
Throughout the event, leaders in the industry shared security concerns in the new normal, best practice for managing security in the future, and how to help employees build safe spaces in their homes and offices.
“Roger Grimes, the Data-Driven Evangelist at KnowBe4 and Ian Keller, Chief Information Security Officer at SBV Services, both provided powerful presentations around training, security hygiene, and security awareness. The event highlighted the need for richer security cultures, how a scientific approach can help create this culture, and how to bring about real change,” Collard added.
The feedback from the attendees was reportedly overwhelming, so much so that KnowBe4 is planning to run a second event in the last quarter of 2020 that’s even more inclusive and accessible.