The cost and impact of cybercrime are climbing by around 15% every year, according to a 2020 report in Cybercrime Magazine, and is expected to cost $10,5 trillion globally by 2025. This makes cybercrime, they argue, more profitable than the global illegal drug trade.
The real costs are far greater though, both broadly and to individual companies, as these funds represent lost investment and innovation, and companies increasingly face stringent fines for personal data losses under regulations such as the General Data Protection Regulation (EU GDPR) and Protection of Personal Information (PoPI) Act.
The human layer
All it takes is a chink in the armour, warns John Ward, SME of Cloud Business for Africa at Fortinet, and this can be through human error, misconfiguration, permissions-based or sheer brute force attacks. This is why he likens solid data security strategy to a South African staple – the humble braaied onion.
“The outer edge gets the most heat through the tinfoil when you’re cooking it,” Ward explains. “At the centre is the soft part – valuable data – and you have to have multiple layers of protection around that sweet, sweet data. Hacked or – worse – lost, our data is incredibly valuable. This is why you need prevention tactics, and training on human error and how this can be exploited.”
User education – training on cyber threats and the kinds of tactics used by bad actors – is a key protection layer, and one that is particularly valuable because people are inherently fallible, Ward says. The users of your systems are vulnerable to phishing, spear-phishing and social-engineering attacks. Even if your security professionals are “jaded and grumpy”, Ward jokes, the outgoing nature of your sales staff (as just one example), their keenness to establish relationships, to be helpful, has been exploited since time immemorial.
“And what about a systems administrator who is having a bad day, who makes a simple error in a moment of distraction?”, Ward asks. These kinds of lapses are so relatable, but they also render the “human layer” susceptible to breaches.
This is why, Ward offers, cloud should be seen as an…