One of the core reasons why businesses remain vulnerable to cyberthreats is that they underestimate their risk or overestimate the strength of their existing defences.
According to a recent Kaspersky survey entitled “Cybersecurity in the workplace: Employee knowledge and behaviour”, 48% of professionals surveyed in South Africa, whose work requires the use of computers, asses the risk of a cybersecurity incident happening to their company as quite possible.
Commenting on the probable consequences of a cybersecurity incident, 52,3% of employees surveyed in South Africa supposed that it might seriously affect the company.
This understanding of risks comes not only from general cybersecurity awareness, but also from knowledge about cyber incidents in their organisations: 23,3% of local respondents acknowledged such incidents happened in the past 12-months, while an additional 17,8% said they have heard about these incidents from colleagues.
Organisations nowadays face a variety of cyberthreats ranging from phishing and business email compromise to ransomware and advanced persistent threats. In a lot of these attacks, the entry point into the organisation’s network is via a human mistake, and it is for that reason attackers actively employ social engineering techniques and AI tools to make their efforts more effective.
The survey shows that the majority of respondents understand that cybersecurity is an issue that should be considered by the IT department, while 11,8% also mentioned top level executives and 5,3% cited legal and financial employees as core groups within the business who should keep cybersecurity issues in mind. Only 36% of employees surveyed viewed cybersecurity as an issue that should be considered by all employees across the entire business.
“In today’s digital landscape, cybersecurity is a collective responsibility that extends beyond the IT department. Every employee should remain vigilant against evolving threats. Regular cybersecurity training, use of relevant IT solutions, well-defined policies and an incident response plan are essential pillars of organisational cyber resilience. When every team member is informed and prepared, the organisation stands stronger against cyber threats,” says Brandon Muller, technical expert for the MEA region at Kaspersky.