26 Apr KnowBe4 recommend ‘security in depth’ approach
According to KnowBe4 Africa, companies should be prepared to adopt a ‘security in depth’ approach. The company’s SVP of Content Strategy and Evangelist, Anna Collard, believes this vital a ransomware and cyberthreats are becoming more invasive and complex.
Collard’s description of ‘security in depth’ refers to adding additional stopping points throughout the company, places where a potential security threat is analysed then either allowed to pass, or indefinitely halted for further insights.
The goal of such an approach is to create a culture of security within the company.
“It is about ongoing awareness,” Collard explained. “People need to understand that security is not something that is mandated by a person in IT who does not understand how much work they have to do or how frustrating it is to jump over multiple security hoops when they are on deadline.
“When you are tired or under pressure you do not want to have to enter in a 24-letter password or repeatedly authenticate your identity, you want access to the system so you can get your job done. However, as much as security can be tedious and frustrating, a compromise is even more so. This is why training is important.”
Collard suggests the right training will cause people within a company to consistently remind themselves of their role in protecting it. The more they understand security, and the threats faced, the more they will invest themselves in maintaining it.
“Of course, training and awareness are only one side of the coin,” she said. “It is also critical for the company to have robust security in place across endpoint detection, threat detection, incident response processes, patch management and cyber insurance.”
As ransomware continues to get smarter across the Africa region, the need for individuals to not only understand the threats they are dealing with, but remain vigilant in their workplaces, continues to grow.