Kaspersky research conducted together with News24 has shown that 60% of the 1301 respondents still work from home due to the Coronavirus outbreak. At the same time, half of them admitted that they either don’t have any security solutions installed on their devices, or don’t know if they do. This situation is amplified by the fact that a quarter of respondents have already been a victim of a security incident.
While more and more companies make public promises to have their business processes conducted fully online, precautionary measures are becoming more vital for the healthy functioning of every entity. This is particularly concerning considering South Africa’s unprecedented spike in network cyberattacks detected by Kaspersky that occurred just before the official lockdown and at a time when remote working increased in response to the pandemic.
The survey results have shown that more than two-thirds of the respondents have not received any formal cybersecurity guidelines from their employer on how to work from home safely during this time of lockdown. While 28.9% of respondents noted that they have asked their employers about cybersecurity measures that they should follow, a large percentage (71.1%) have not. At the same time, almost everyone (96.3%) stated that the security of their devices and data are important to them. Yet, only 50% of respondents were sure they have security solutions installed on their devices.
“Modern technologies have reached the level where it is easier to hack a human, not a machine. This is why phishing and e-mail scams are so often becoming an entry point for cybercriminals who wish to penetrate a computer system. The good news is, according to the same survey, 87.8% of respondents expressed their wish to understand cybersecurity more to protect their devices. This shows an extremely conscious approach to cybersecurity and that more people are becoming aware of the seriousness of this threat, which is already a success,” says Bethwel Opil, Enterprise Lead at Kaspersky in Africa.
To ensure the integrity of your business, Kaspersky advises employers to take the following precautionary measures:
· Ensure devices, software, applications and services are kept updated with the latest patches.
· Provide your staff with basic cybersecurity hygiene training (Kaspersky ASAP), as many targeted attacks start with phishing or other social engineering techniques. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails.
· Provide your Security Operations Center (SOC) team with access to the latest threat intelligence, and stay up-to-date with new and emerging tools, techniques and tactics used by threat actors and cybercriminals.
· For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions, such as Kaspersky Endpoint Detection and Response.
· Enforce a strict password policy for all IT systems and deploy multi-factor authentication.
· Follow the principle of offering staff limited privileges and grant high-privileged accounts only to those who need this to fulfil their job.
