In the last four years, we have seen a broad cultural shift when it comes to the way businesses operate in relation to technology. This shift has made way for more agile and intelligent business outcomes. But growing adoption speeds and moves towards digitalisation are far from new phenomena.
In 2013, an article posted by the Harvard Business Review commented on how technology adoption rates had increased, comparing the adoption of tablet technology with innovations like electricity and telephones. Ten years later, the rate of adoption of technology is incomparable. For technologies like AI, rates have skyrocketed to a point where 50 to 60% of all organisations use AI in some form. Even more impressively, cloud adoption among enterprise organisations is above 90%, accounting for 75% of the workload in 1 out of 5 organisations.
However, the dialogue around these achievements in technological adoption has changed. In 2013, businesses were aiming to achieve the status of being “technologically enabled”, a catchphrase still used today; but simply having the technology is no longer enough. This is due to one simple yet sinister development – cybercrime. While the adoption of AI has helped improve the agility and efficiency of above-board businesses, so too has it helped improve the efficacy of cybercriminals.
Although not a new problem, cybercrime has risen alarmingly quickly to the top of the charts when it comes to business concerns. The boom of Internet of Things (IoT) technology and chaos that surrounded the sudden shift to work-from-home models in 2020 kick-started the age of cybercrime. In that period, incidents rose by 600%, affecting every industry and showing no signs of slowing down. One report predicts the cost of cybercrime will continue to rise to $10.5 trillion dollars by 2025, up nearly 117% from $3 trillion in 2015. Today, organisations need to be more than just technologically enabled, they need to be future-secure.
The biggest difference between being technologically enabled and future-secure is the incorporation of the human aspect of cybersecurity. A staggering 88% of data breaches are the direct result of human error. This is compounded by poor training, with 42% of organisations listing a failure in their employee security training as one of their top 3 challenges. Changes in employee expectations, which have seen flexibility rise to the top of employee demands, undoubtedly play a role in this. In a recent Standford study, 50% of respondents claimed to be “very” sure they had made an error at work that could have led to security issues. Nearly 45% cite distractions as the top reason for these errors, and 57% admitted being more distracted when working from home.
As a result, organisations can no longer take the approach that cybersecurity is the responsibility of just the chief technology officers and their teams. Rather, a basement-to-boardroom approach to cybersecurity, which incorporates effective training, is the key to ensuring the security of your organisation.
And this comprehensive approach is becoming even more important. Voice and video mimicking have recently gained popularity among malicious groups. While early AI allowed criminals to produce impressively tailored written phishing emails and text messages, this more recent advancement has even led executives to believe they are having a conversation with someone from within their organisation.
So how do organisations become future-secure and ensure they are equipped to meet these changing challenges? Although a ‘human firewall’ is arguably the most important factor, organisations must be able to match the malicious groups pound for pound in terms of technology as well as use this technology in a way that serves their purpose. This is where the concept of a cybersecurity footprint is important.
Similar to a digital footprint, a cybersecurity footprint specifically refers to the information related to an individual or organisation's cybersecurity measures, practices, vulnerabilities, and defences in the digital realm. Incorporating everything from firewall configurations to encryption methods, access controls and incident response plans, a cybersecurity footprint encompasses the security protocols, software, hardware, policies, and practices in place to protect digital assets and sensitive information. It is crucial that this be analysed on a regular basis to address any vulnerabilities that may have developed and to understand the adequacy of your current measures.
But simply having this technology in place is not sufficient. Technology cannot exist in a void when it comes to cybersecurity, neither can people. It is critical that organisations implement robust and regular training programmes to keep employees up to speed on the latest threats, policies, and procedures. There is a critical need to improve the attitudes and skills of all employees around cybersecurity for any strategy to be truly effective.
To help businesses achieve this and reduce the prominence of failed cybersecurity training, Vodacom Business is asking organisations of all sizes : “Turn to Us” to protect your data and equip your employees, from the basement to the boardroom, with the skills they need.