Cybersecurity is far from a new term or discipline. In fact, as the working world has digitised and more and more data has been produced each year, cybersecurity has become mission critical for all businesses and enterprises.
Unfortunately, while we know that information security has become so critical to organisations, equally challenging is the fact that there is a serious shortage in IT skills, and specifically IT security skills. This is true both internationally and in South Africa.
How can businesses build the skill sets they need to ensure that their data and systems are protected?
Cybercrime is on the rise
First, let’s address the challenge. Cybercrime is highly lucrative and sophisticated, and businesses of all sizes across the world are targeted by cybercrime syndicates. In fact, according to Surfshark, South Africa is among the top 10 countries in the world found to have experienced the most cybercrimes in 2021.
Which brings us to the key question: If the term cybersecurity has become so prevalent and every business (and most individuals) are aware of the need for it, why is cybercrime still so prevalent?
Leading up to cybersecurity awareness month, we thought we should go back to the basics, because too often it’s at this level where cybercriminals are slipping into networks and wreaking havoc.
Cybersecurity: what it is and why we need to understand it
In a nutshell, cybersecurity is the art of protecting data, devices and networks from unauthorised access by hackers, cybercriminals or even internal users who should not be able to access restricted files.
There is an added component to cybersecurity that is crucial, however. While data needs to be secure and confidential, with its integrity always preserved, it also needs to be easily accessible. It’s the job of cybersecurity to ensure that data is secure and that it can be used in the day-to-day operations and decision making of businesses. Cybersecurity is therefore responsible for the collection, processing, storing and access to information.
It’s also important to remember that many cybercriminals are extremely patient. This has become a business after all – the new age of organised crime. A hacker will send a phishing email and if even one person opens it, they’re in. The person in question could have limited or no access to sensitive data, but hackers have been known to spend weeks and even months in a system slowly uncovering vulnerabilities and siphoning away data until they are able to crack the passwords protecting restricted data.
The risks of poor cybersecurity
Once a cybercriminal breaches a system, there is a lot of damage that they can do:
- You are locked out of your systems and data. Imagine every employee is unable to access their emails, collaboration platforms, workflows, documents and client data. Your systems are shut down and no customers can reach you. If you run a website, online store or software platform, customers are shut out. How much revenue are you losing for every minute you are not operational? What reputational damage is being done during that time? One of the most common hacks today is ransomware that locks a system down. A hacker will only provide the key to reopen the system once a ransom is paid.
- Your data is exfiltrated. It’s every business’s worst nightmare. Your system is breached and the personal details of your customers are stolen. These include ID numbers, passwords, names, surnames, addresses and even financial information, basically everything a criminal needs to defraud your clients. Unfortunately, ransomware demands often include the exfiltration of data, even if ransoms are paid. These are the data breaches that we often hear of in the news. Laws like the Protection of Personal Information Act (POPIA) now hold businesses accountable for the data they hold (and if that data is breached). If an audit reveals that the business did not adequately protect its clients’ personal information, the company and its directors could be liable for large fines over and above the reputational damage caused. Insurance companies are also increasingly requesting digital forensic audits after a breach occurs before paying out any ransom claims.
- The cybercriminal leaves a backdoor open. Surviving a cybercrime can be harrowing. Being hit for the second time can be devastating. Once they are in, many cybercriminals leave a backdoor for themselves so that they can easily breach your system again.
Information security has become a top priority
The demand for skilled information security management professionals is therefore on the rise. The good news is that a Certified Information Security Manager® (CISM®) certification is the go-to credential for IT security management pros. The uniquely management-focused CISM® certification is a globally accepted standard of excellence and, as such, organisations that are certified to deliver CISM® training must be up to date with the latest cybersecurity trends.
Information security professionals who hold a CISM® certification are also equipped to help organisations achieve greater alignment between the business’s broader strategic objectives and goals and their information security programs.
Who should obtain a CISM®?
The CISM certification was developed specifically for experienced information security managers and anyone with information security management responsibilities. This includes:
- Information security managers
- Aspiring information security managers
- IS/IT consultants
- Chief information officers
Choose Torque IT as your CISM® certification partner
Torque IT is South Africa’s only ISACA Accredited Premium Partner. We deliver an intensive five-day CISM exam preparation course that is designed to prepare professionals for the Certified Information Security Manager (CISM) exam. The course focuses on the key points covered in the CISM Review Manual 15th Edition and includes class lectures, group discussions/activities, exam practice and answer debriefs. The course is intended for individuals with familiarity with and experience in information security management.
Through us, your IT professionals can fast-track the skills they need to protect your IT systems. Our certified courses are twice as fast as traditional training, with exponentially better outcomes.