Cybersecurity Awareness

Inioluwa Aborowa,
Information Security Lead Consultant.

12th October 2024


Cybersecurity
Cybersecurity is the ongoing effort to protect individuals,
organisations and governments from digital attacks by
protecting networked systems and data from unauthorized
use or harm.
Levels to information
❖ Personal: On a personal level, you need to safeguard your
identity, your data and your computing devices
❖ Organizational: At an organisational level, it is everyone’s
responsibility to protect the organization’s reputation, data
and customers
❖ Governmental: As more digital information is being
gathered and shared, its protection becomes even more
vital at the government level, where national security,
economic stability and the safety and wellbeing of
citizens are at stake.
Why Cyber Awareness
✓ As the globe becomes more interconnected and reliant on digital technologies, cybercrime
is surging. The year 2023 saw a notable increase in cyberattacks, resulting in more than
343 million victims. Between 2021 and 2023, data breaches rose by 72%, surpassing the
previous record.
✓ People around the world use email for personal and professional communication, making
email a target for cybercriminals and the most common vector for malware. In 2023, 35%
of malware was delivered via email, and more than 94% of organizations reported email
security incidents.
✓ The repercussions of cyberattacks are far-reaching and costly. A data breach costs $4.88
million on average in 2024. In 2023, compromised business emails accounted for more
than $2.9 billion in losses.
These alarming figures emphasize the danger of cyber vulnerabilities and highlight the need
for continuous cybersecurity awareness within organizations.
Benefits of Cybersecurity Awareness
• Improved security posture
• Reduced risk of human error
• Compliance with regulations
• Increased employee vigilance
• Better incident response
• Saves precious time and money
• Enhanced reputation and trust


Cyber Threat Landscape
• Malware
• Phishing and Social Engineering Attacks
• Ransomware
• Insider Threats
• Mobile Banking Fraud
• Data Breach and Privacy Violation
• Third-Party Risk

Cybersecurity Core Areas
➢People
Users must understand and comply with basic data protection and privacy security
principles like choosing strong passwords, being wary of attachments in email, and backing
up data.
➢Processes
Organizations must have a framework for how they deal with both attempted and
successful cyberattacks, e.g. ISO 27001, COBIT, PCI-DSS, NIST.
➢Technology
Technology is essential to giving organizations and individuals the computer security tools
needed to protect themselves from cyberattacks. Three main entities must be protected:
Endpoint devices like computers, smart devices, and routers; Networks; and the Cloud.
ISO/IEC 27001
ISO/IEC 27001 is the international standard
that specifies the requirements for
establishing, implementing, maintaining,
and continually improving an Information
Security Management System (ISMS).
Clauses 4 to 10 are the sections of the
standard that set out specific
requirements. They are expressed with the
verb "shall".
Annex A is a crucial part of ISO 27001. It
contains 93 information security controls
organised into 4 groups.
Basic Terms

DOCUMENTS SPECIFICATION RECORD


Mandatory Documents for ISO 27001 Certification
• ISMS Scope Statement
• Information Security Policy
• Risk Assessment Methodology
• Risk Treatment Plan
• Statement of Applicability
• Information Security Objectives
• Internal Audit Program and Reports
• Corrective Actions Reports
• Management Review Minutes
• Procedure Documents for Key Controls (e.g.
Access Control, Incident Management)
Operational Benefits

Systematic Risk Management


• Implement a structured approach to identify, assess and mitigate risks.
• Protect business continuity by proactively managing security threats

Improved Incident Response


• Establish a formal framework for responding to security incidents swiftly
and effectively.
• Minimize downtime and operational disruptions

Standardised Security Practices


• Develop consistent security policies and procedures across the
organisation
• Increase efficiency and effectiveness in managing information security
Financial Benefits

Cost Savings
• Avoid financial losses from data breaches, legal penalties, and business disruptions.
• Potential reduction in insurance premiums due to improved security posture

Return on Investment (ROI)


• Secure new business opportunities by meeting ISO 27001 certification requirements.
• Strengthen client retention through demonstrated commitment to security

Operational Efficiency
• Streamline security processes and reduce redundancies
• Lower the costs associated with managing information security.
Risk Consideration

• Failing to meet regulatory requirements could result in significant penalties.
• Non-compliance may lead to costly remediation
• Security incidents can cause system disruptions and impact business operations
• A security breach could erode client trust and damage our reputation
• Limited business growth and partnership opportunities
Recommendations
✓ Implement a cybersecurity framework, e.g. ISO 27001, COBIT, PCI-DSS, NIST.
✓ Conduct regular security plans and risk assessments.
✓ Develop incident response plans.
✓ Provide employee security awareness training.
✓ Continuously monitor and improve security controls.
THANK YOU FOR YOUR TIME. ANY QUESTIONS?
