CFA's Tech Blog - Transforming Africa

Why Cybersecurity Awareness is Not Enough to Curb Cyber Attacks

The front pages of newspapers are often dominated by cyber-attacks headlines irrespective of the massive campaigns and cybersecurity awareness.

We have seen lots of more prominent firms invest heavily in carrying out these campaigns and of course, this month is a cybersecurity awareness month set aside by the US administration.

What could be the problem, why do people still fall victims of cyber-attacks? This substantial investment on technicalities and cybersecurity infrastructure do not correspond with the investment in humans in this regards.

There are a couple of factors that are responsible for continuous cyber-attacks. For instance, some employees are yet to imbibe the culture of cyber-security consciousness. It is still seen as one of the least priorities, the focus is mostly on the business, how to deliver the day-to-day tasks and others.

In some cases, it involves the act of complacency. Employees are often tired and see the practical implementation of cybersecurity techniques as worrisome. That mindset is still missing despite all the campaigns on this subject.

From several indications, the primary objective of some of the companies is usually to invest in infrastructure, rather than the people. It’s not bad to spend on security apparatus, but people remain paramount because they are often the prey in the whole scenario.

It is not enough to organize a 30 minute cybersecurity awareness campaign and tell participants to change their passwords, the same boring stories, and tips. It has to be a thing of culture; the human behavior should be considered in the course.

The era of just focusing on preventing cyber-attacks through several machines should be transformed to the human behavioral pattern. It will take some level of commitment and efforts to change the mindset of employees because their brain has been programmed to be lackadaisical about cybersecurity.

The primary strategy is to establish a strong influence that would play a trick on the mindset of employees.

Active communication with them to form a formidable force in their minds, once this has happened; it becomes a little bit easier to inculcate cybersecurity consciousness gradually.

It is essential to understand the complexity around human behavior, how they think and employers can start developing this consciousness in their minds.

There is no point spending lots of money, and at the end of the tunnel, employees still fall prey. Until tough work around on the mindset of people to develop that cybersecurity consciousness, nothing would probably happen.