Page 37 - EngineerIT August-September 2025
CYBERSECURITY
We often tell our clients that good cybersecurity doesn’t just involve equipping your organisation with the latest technology. According to the Global Technology Industry Association (GTIA), 76% of breaches are considered preventable and involve human error. That tells us the first step any organisation should take to improve its defensive posture is to start with comprehensive training and regular discussions.

One of the biggest risks comes from users ignoring security messages because they’ve been conditioned to click past them. Sometimes platforms generate unnecessary warnings, leading IT teams to advise employees to disregard them – a habit that can carry over into situations where alerts really do matter.

Another common gap is a lack of understanding of core security tools. Take one-time passwords (OTPs). If someone doesn’t know what they are or why they must be kept secret, it’s much easier for a scammer to trick them into giving one away.

The danger is compounded by a false sense of safety that can be fuelled by a lack of understanding, making basic security measures seem like a box-ticking exercise instead of an individual responsibility. Small organisations often assume that having an antivirus or firewall is enough, or that they’re too small to be targeted. But attackers increasingly work in bulk, going after many smaller targets for smaller pay-offs.

It’s not always about landing a big crypto ransomware payment. Some hackers are content with a few hundred rand in gift cards. But if the attack works, they’ll try it again. If a victim’s learning from the incident is based solely on the characteristics of the specific incident, the ability to identify different versions isn’t necessarily improved – which points to a gap in digital literacy.

Why “training-first” falls short

Security awareness training is essential, but it often assumes a baseline of digital literacy that doesn’t exist for every employee. That’s why organisations should first ensure employees understand the fundamentals, such as the safe use of VPNs, recognising legitimate URLs or managing passwords securely. Without this, training becomes a band-aid solution, addressing symptoms case by case rather than tackling the root cause of vulnerability.

Employees should be included in cybersecurity solutions and have opportunities to put their knowledge into practice through phishing simulations they see as useful, not patronising. Encourage employees to ask questions about suspicious emails or alerts without fear of embarrassment and provide clear incident reporting mechanisms. When people hide what they don’t know, or aren’t equipped to recognise what they don’t know, vulnerabilities go unnoticed. By normalising open conversations about security, organisations make it easier to spot and stop threats early.

The hidden costs of digital illiteracy

Digital literacy isn’t just about risk reduction: it can also boost efficiency. Whether it’s knowing how to use AI tools effectively or simply creating a better formula in Excel, these skills save time and reduce frustration. Consider the hours lost when employees struggle to use spreadsheet functions fully, or when they can’t tell the difference between valuable AI applications and time-wasting novelties. These are benefits no organisation should overlook, making investment in digital literacy a “no-brainer” for improving overall business operations and adaptability.

Strengthening the “human firewall” starts with the fundamentals. When organisations invest in digital literacy, they’re not just protecting themselves from cyber threats — they’re building a more capable, confident and resilient workforce.