Connect with us
Anglostratits

Tech

Training is crucial, but feeling safe enough to speak up is critical for cyber resilience

Published

6 months ago

on

Cyber-wellness

Cybersecurity training is vital, but it’s not enough on its own if your workplace culture discourages people from speaking up. Good corporate security awareness includes empowering employees to think critically, voice concerns and admit mistakes, without fear of reprisal. The secret is something all parents who’ve gotten their children to admit when they’ve done something wrong already know.

Psychological safety is an underrated part of organisational cyber resilience and yet it’s essential if companies want to strengthen their cyber defences from within. “Psychological safety refers to an organisational environment where employees feel confident they can slow down to question suspicious activities, report security concerns, admit mistakes, and challenge instructions  without fear of blame, punishment or professional retaliation,” explains Anna Collard, SVP of Content Strategy at KnowBe4 Africa (www.KnowBe4.com).

Jonah Berger writes in his book, Invisible Influence: The Hidden Forces that Shape Behavior:

“Parents who react negatively when their children confess to something bad they’ve done are inadvertently training them to lie. If a child tells you they broke a vase and you get angry and punish them severely, they learn a simple lesson: admitting the truth leads to a bad outcome.”

The question organisations need to ask themselves, even when they have implemented industry-leading security awareness training (SAT) (https://apo-opa.co/4pFnoly), is this: “What happens to employees who admit their big cybersecurity mistakes (https://apo-opa.co/3KoMiXM)? What do they expect to happen, regardless?”

What happens if employees don’t feel secure?

Collard believes there are several toxic dynamics in organisations that undermine security reporting. “The most notable is the blame-first culture,” she states. “Organisations that immediately ask: ‘Who did this?’ instead of ‘How can we prevent this?’ create defensive behaviours where employees hide incidents.” Instead of reporting concerns that could lead to early detection, employees become silent because they fear consequences.

Another unhealthy dynamic in workplaces is when managers suffer from perfectionism. “When security is presented as binary (perfect compliance versus failure), employees avoid admitting any uncertainties or mistakes,” asserts Collard.

Establish systems where reporting suspicious emails or activities is rewarded and celebrated, making reporting feel like a contribution rather than a confession

Having a silo mentality can also be a stumbling block. “When security teams are seen as separate from business operations, employees view them as outsiders rather than partners,” she comments. This is especially true if IT personnel fail to take employees’ concerns seriously or dismiss them altogether.

Another dangerous phenomenon is when employees are confused by inconsistent messaging. “Staff don’t like it when leaders preach that security is everyone’s responsibility, but then exclude non-technical staff from security discussions or break the rules themselves,” Collard says.

Overcoming barriers to psychological safety

Fortunately, there are many courses of action (https://apo-opa.co/3Y3OVBi) that organisations can take to correct these unfavourable dynamics. “It’s really helpful when companies implement blameless post-mortems after security incidents,” she shares.

A good example is GitLab’s 2017 incident (https://apo-opa.co/48JHc1t), when a systems administrator accidentally deleted a production database, resulting in six hours of lost data. The team responded transparently, live-blogging the recovery and treating it as a learning opportunity. “A culture of openness meant the issue was addressed immediately, with no blame or cover-ups – just quick action and prevention,” comments Collard.

Collard recommends integrating security champions across all departments and celebrating reporting and learning over perfection. “It also helps when leaders model vulnerability and continuous learning,” she emphasises.

Creating positive feedback loops

Instead of coming down hard on employees who mess up, managers should frame these incidents as valuable insights about attack sophistication rather than user failure. “This can be reinforced by creating positive feedback loops as a core part of human risk management,” Collard says (https://apo-opa.co/4rsf8Hm). “Establish systems where reporting suspicious emails or activities is rewarded and celebrated, making reporting feel like a contribution rather than a confession – or even just perceived compliance burdens with no purpose.”

Her final piece of advice is for leaders to adopt a zero-trust mindset approach. “Zero-trust principles require continuous verification and questioning,” she asserts. “But this only works when people feel psychologically safe to voice their concerns.”

Digital mindfulness is another essential tool for strengthening the human layer within an organisation. “Fostering a culture of pausing and seeking help rather than rushing through work is hard in a world that moves at a relentless pace,” Collard concedes. “But it’s in those high-pressure moments that we need to be most grounded and focused to avoid mistakes.”

Ultimately, she believes the most secure organisations are not those that expect perfection, but those that enable people to speak up, learn and respond quickly when something goes wrong. “Psychological safety is a critical foundation for any organisation serious about cybersecurity resilience,” Collard concludes.

Distributed by APO Group on behalf of KnowBe4.

Related Topics:
Continue Reading
Advertisement

Tech

Kaspersky maps Artificial intelligence (AI) and the evolving threat landscape at AI Everything Kenya x GITEX Kenya

Published

4 hours ago

on

May 20, 2026

By

Kaspersky

Kaspersky data demonstrates that in 2025, password stealer attacks increased by 83% year-over-year in Kenya and 56% across Sub-Saharan Africa

NAIROBI, Kenya, May 19, 2026/APO Group/ –At AI Everything Kenya x GITEX Kenya, taking place from 19-21 May, global cybersecurity company, Kaspersky (www.Kaspersky.co.za), talks about the current threat landscape in Kenya and the wider East Africa region, warning that the rapid development and adoption of artificial intelligence is creating new opportunities for innovation while simultaneously introducing cyberthreats for businesses and individual users. With risks varying from AI-powered social engineering campaigns and deepfake fraud to “Shadow AI” risks inside organisations, Kaspersky advises organisations to adopt clear policies, cybersecurity controls and employee education to ensure AI technologies are deployed safely and responsibly.

 

“As organisations in Kenya and the wider region accelerate digital transformation, cybersecurity is becoming a board-level priority. We are seeing growing awareness that innovation and security must develop hand in hand. Industry events such as GITEX play an important role in this process by helping businesses better understand both the impressive opportunities AI and digital technologies create, and the precautions needed to manage the evolving cyber risks that come with them,” says Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky.

 

Cyberthreat landscape developments

 

AI risks come amid other cybersecurity challenges of the evolving threat landscape in the region. Kaspersky data demonstrates that in 2025, password stealer attacks increased by 83% year-over-year in Kenya and 56% across Sub-Saharan Africa. Spyware attacks grew by the same figure of 83% in Kenya and 53% regionally, while backdoor attacks rose by 25% in Kenya and 8% across Sub-Saharan Africa. Although exploit attacks showed a slight decline, they remain a major concern due to their mass spread and unauthorised access they open to a users’ systems. Meanwhile, ransomware continues to pose a serious risk to organisations, with 7.62% of organisations in Africa experiencing ransomware detections in 2025.

 

Advanced Persistent Threats (APTs) remain among the most serious risks for enterprises. According to the Kaspersky Security Services Global Report, APT groups were detected and blocked in 21% of customers in 2025 and accounted for 23% of all high-severity incidents. These highly organised groups increasingly combine AI-enhanced techniques with social engineering and targeted intrusion methods to maximise operational effectiveness.

 

Cybersecurity traps of AI

 

According to Kaspersky experts, cybercriminals can use AI across multiple stages of cyberattacks: from preparation and communication to assembling malicious components, probing for vulnerabilities and deploying tools, while simultaneously concealing evidence of AI involvement to complicate investigations and attribution. Malicious actors are also actively distributing malware disguised as AI tools to steal sensitive information from victims.

 

One of the growing cybersecurity issues is the spread of deepfakes and AI-generated fraudulent content. As AI tools become more and more sophisticated, distinguishing authentic material from manipulated ones is becoming more difficult. Kaspersky researchers warn that AI models can also be vulnerable to “unintended memorisation”, where models retain fragments of sensitive information that attackers may later extract. Additional risks include malicious tampering with training datasets, injection of harmful logic into AI software code and exploitation of vulnerabilities within AI-powered systems.

As organisations in Kenya and the wider region accelerate digital transformation, cybersecurity is becoming a board-level priority

 

The emergence of AI agents, which are systems capable of autonomously taking actions on behalf of users, creates another significant attack surface. According to Kaspersky, these systems can be manipulated through adversarial content or misconfigured autonomy settings, potentially leading to harmful real-world actions.

 

Kaspersky also highlights the growing challenge of “Shadow AI”, where employees use public AI services without oversight from IT departments. This creates uncontrolled data flows and increases the risk of confidential information exposure. A recent Kaspersky study* titled “Cybersecurity in the workplace: Employee knowledge and behaviour” showed that 87.8% of professionals surveyed in Kenya use AI tools for work-related tasks, including text editing, e-mail writing, data analytics and content creation. However, only 35% reported receiving cybersecurity training related to AI use.

 

Essential Actions in the AI-driven IT world

 

Kaspersky recommends organisations to regularly assess AI-related risks and establish comprehensive AI governance policies defining which AI tools are approved and what types of data can be processed. Regular employee training on secure AI usage, recognition of fake AI services, malicious links and prompt injection risks is equally essential.

 

To effectively manage the growing range of cyber risks, organisations should adopt a comprehensive cybersecurity strategy that combines advanced security technologies, reliable threat intelligence, strong internal processes and continuous employee education. Robust cybersecurity solutions, such as the AI-powered Kaspersky SIEM and Kaspersky Next product line, provide real-time protection, threat visibility, investigation and response capabilities.

 

For private users, Kaspersky recommends exercising caution when using AI-powered tools, carefully reviewing privacy settings, verifying the authenticity of AI applications and double-checking information generated by agentic AI systems before making decisions based on automated outputs. The company also advises families to maintain open discussions with children regarding their use of AI technologies and online safety practices.

 

Visit the Kaspersky stand at B10 in Hall 2 at GITEX Kenya to find out more.

 

*The survey was conducted by Toluna research agency at the request of Kaspersky in 2025. The study sample included 2800 online interviews with employees and business owners using computers for work in seven countries: Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.

Distributed by APO Group on behalf of Kaspersky.

Continue Reading

Tech

Eight major blockers prevent CMOs from closing the gap between brand and performance advertising to drive greater impact

Published

4 hours ago

on

May 20, 2026

By

WARC
  • 90% of ads are not given time to “wear in” and achieve their full impact
  • 60% of marketers say the role of advertising is not fully understood by the C-Suite
  • 49% of organizations have siloed brand and performance teams, hindering integration
  • Only 21% of marketers report advertising objectives alignment with C-Suite

WARC, in partnership with Analytic Partners, BERA.ai, Prophet and System1, release The Multiplier Playbook – The CMO’s guide to integrating brand and performance. The report incorporates a new survey of senior marketers with the ANA

May 19, 2026 – There is a “say-do gap” in advertising: most marketers know the theory of effectiveness, but struggle to apply it. WARC and a coalition of effectiveness experts have identified eight major blockers for marketers to overcome as they seek to close this gap.

Spanning cultural, procedural and structural misalignments, these barriers undermine effective advertising by preventing marketers from implementing evidence-based principles, such as those demonstrated in the landmark study The Multiplier Effect, released last year.

From a disconnect between the CMO and the C-Suite on the role of brand-building, CEO and CFO confusion on the purpose of advertising investment in modern business, and entrenched silos within marketing teams, these blockers, and the plays needed to overcome them, are explored in The Multiplier Playbook, a new report released today, and a must-read for every marketer.

David Tiltman, Chief Content Officer, WARC, and SVP Content, LIONS Intelligence, says: “Since the launch of The Multiplier Effect study last year, it has become clear that the challenges facing marketers are not about knowing the theory. Most CMOs cannot simply change their strategic and investment approach wholesale without overcoming a number of hurdles.

“What is needed is a Playbook – a combination of data, frameworks and real-world examples that help marketers recognize the key “blockers” they might face – and give them some “plays” to help them take action and make progress. The Multiplier Playbook does just that.”

The Playbook combines data from a new survey of over 200 senior marketers conducted by WARC and the Association of National Advertisers (ANA) in the US between December 2025 and March 2026, with additional data, frameworks and insights from WARC and its partners in the Multiplier Effect: Analytic Partners, BERA.ai, Prophet and System1.

The eight blockers to the Multiplier Effect

Previously reported data for The Multiplier Effect report from Analytic Partners ROI Genome found that brands that shifted from performance-only to a mixed approach of brand and performance advertising saw a remarkable 90% median average uplift in revenue return on investment.

To implement this approach, marketers should review the eight cultural, procedural and structural challenges they could face enabling them to succeed in aligning with the C-Suite, integrating teams, and embedding the Multiplier Effect into the work.


Aligning with the C-Suite

The study confirms that alignment with the C-Suite is consistently cited as a barrier to investing in brand-building and unlocking the Multiplier Effect:

The brand disconnect

Approximately two-thirds (67%) of marketers agree that their CEO believes that brand is important. But only 19% of marketers said the C-Suite routinely makes the connection between shifts in brand equity and hard business outcomes.

In short, brand strength is not seen as driver of sales day-to-day.

Marketers are advised to make a stronger case for brand-building to the CEO and CFO – but first they need to be clear about what problem(s) their company faces that a stronger brand would help solve. The report shares four ways to frame brand-building in this way, depending on corporate priorities.


The advertising disconnect

The role of advertising in driving commercial objectives is also a major point of misalignment.

A majority (60%) of survey respondents felt that the C-Suite does not fully understand the role of advertising, and just one in five marketers (21%) strongly agreed their advertising objectives were aligned with C-Suite objectives.

The dominance of efficiency-based metrics such as platform- and channel-specific ROAS in modern advertising serves to deepen this division. The result, in many organizations, is a very narrow view of what advertising is there to achieve – making it a cost of sale, rather than an investment in value creation.

As shown by the results from the ANA/WARC survey, a reliance on short-term tactics and metrics only aligns with one of the C-Suite’s top five commercial priorities. Brand-building, by contrast, explicitly serves the other four – while also generating short-term sales and boosting the efficiency of performance advertising.


Marketers are advised to challenge a fixation with narrow channel-specific metrics like platform-specific ROAS and take steps to align advertising objectives with corporate goals.

Building integrated teams

Structural issues with the marketing department are also hindering implementation of best practices to achieve the Multiplier Effect. The emergence of brand and performance “silos” is making integrated thinking harder to achieve.

Responses to the ANA/WARC survey highlighted how brand and performance teams are struggling to work together in meaningful ways:

half (49%) of organizations have separate brand and performance teams, compared with 25% that have fully integrated teams;
65% have separate brand and performance budgets;
only 44% say they have a “common language” for their brand and performance teams;
similarly, just 44% of brand and performance teams have a common understanding of which audiences are most likely to deliver growth.

While specialists will always be needed, marketing leaders should be looking for ways to drive collaboration between their teams. Marketers are advised to develop a shared vision of what success will look like that is rooted in customer behavior change, and to identify tentpole moments in the calendar that force integration between teams.

The report includes an example from Instacart, where Laura Jones, the company’s Chief Marketing Officer, has recommended looking to find moments to bring teams together: “We have to ‘make our own weather’. We have to create events and campaigns that are big where we can all row in that same direction and get more return out of all of our effort when it’s united.”

Embedding the Multiplier Effect into the work

Success in aligning with the C-Suite and bringing teams together must ultimately be translated into the work to make the Multiplier Effect a reality.

While creativity is most closely associated with brand-building – capturing attention from out-of-market audiences and building lasting memory structures – it also plays a critical role in driving immediate sales performance. The study reaffirms the importance of broad “creative platforms” that bring together brand equity-led and performance-led executions.

Challenges include a perceived risk of advertising strategies that embrace creativity, cited by 41% of marketers in a System1 and Effie Worldwide survey, and a lack of confidence in advertising effectiveness cited by over half of respondents (52%).

Most ads (90%) are not given time to wear in, according to data from Analytic Partners ROI Genome. Marketers are advised to take a “fewer, bigger, longer” approach to creativity; bring media, creative development and measurement much closer together to achieve the “synergy effects” required in a fragmented, low-attention media landscape; and mitigate the perceived risk of creativity using a four-level “creativity stack”: consistency, showmanship, distinctiveness and emotion.


As previously noted by Mike Cessario, Founder/CEO, Liquid Death, creativity can be especially valuable for smaller brands: “If you’re a small company, it’s literally reckless to be safe. Trying to mimic a big company as a small company is reckless … because we can’t afford to buy the eyeballs like the big guys do.”

The Multiplier Playbook report can be read in full here. An accompanying podcast series, taking a deep dive into the findings of the report, will launch on Thursday, May 21st, with Ann Marie Kerwin, WARC’s Americas Editor, talking to Michael Reh, Head of Data Science and Analytics at BERA.ai, about the business value of brand.

A preview episode, featuring WARC’s David Tiltman and Stephanie Fierman, EVP and head of the Brand Practice at the ANA, was released on Thursday, May 14th.

Continue Reading

Business

Oversight matters: Spotting payroll fraud in a digital world

Published

22 hours ago

on

May 19, 2026

By

South Africa

Companies combine oversight and payroll platforms to stop criminals from stealing millions

JOHANNESBURG, South Africa, May 19, 2026/APO Group/ –South Africa’s government has put payroll fraud in its crosshairs. In its latest Budget Review document, the National Treasury prioritises digital payroll systems for state entities, combatting what some outlets have reported as over R4 billion in annual losses through fraudulent payroll payments.

This problem is not limited to the public sector. The Chartered Institute of Payroll Professionals estimates that South African businesses lose around R100 million annually through payroll fraud. Many of the cases involve manual and paper-based payroll systems that are easy to manipulate.

 

The adoption of digital payroll platforms can reduce and catch fraud before it becomes a serious issue. However, going digital is not enough, says Yolande Schoültz, founder of YSchoültz Attorneys and one of SA’s foremost payroll fraud experts.

 

“There is no doubt that digital systems are better than paper-based payroll management. But a digital system only makes it much easier to track down and stop fraud. The organisation must still put the right measures in place, such as approval policies and oversight checks.”

 

Payroll fraud red flags

 

Perpetrators of payroll fraud commit their crimes in several ways. A lone individual might skim money unnoticed by creating ghost employees or redirecting payments. They might collude with former employees, leaving the latter’s details on the system and splitting their salary payments.

 

Whatever the method, the most common aspect of payroll fraud is an administrator operating under little or no oversight, says Schoültz.

 

“There should be a chain of custody, such as someone signing off on salary calculations and doing spot checks to ensure everything is legitimate. But it’s amazing how often, even at large companies, the payroll administrator is working on their own and is the only one with proper access to the payroll system.”

 

If you can access regular reports and integrate payroll data with other systems, it becomes much harder for people to commit fraud, and much easier for you to catch them if they do

Payroll fraud has several red flags, including:

 

  • Unapproved bank accounts or changes to banking details.
  • Changes to employee, account, or reporting information right before or after a payroll run.
  • Excessive overtime, since payroll fraudsters often put in disproportionate hours to maintain control.
  • Strange login and backup hours, another attempt to maintain control and avoid scrutiny.
  • No system locks during payroll runs that would avoid manipulation of records and calculations.
  • Manually feeding calculations into other systems.
  • Frequent payment errors.
  • Payroll software isolated to one device that only the payroll administrator can access.

 

Individually, some of these warnings can be innocuous. They can be signs of an overworked administrator or lacking workplace strategies. But the presence of several is reason to be concerned, and some (such as changed banking details) are immediate cause for alarm.

 

Preventing payroll fraud with technology

 

Modern payroll platforms help organisations reduce fraud, but only when used correctly and alongside other safeguards.

 

“There is no magical app that just changes how you operate,” says Sandra Crous, managing director of payroll provider Deel Local Payroll. “A nutrition app won’t automatically get you to eat less, and a fitness app won’t suddenly get you to exercise more. You still have to make changes and use the app to reinforce your new behaviours. A payroll platform gives a business the tools to oversee and manage payroll through different layers, but the business must use those tools in accordance with its policies.”

 

Spot checks can quickly reveal issues that require more scrutiny. Payroll platforms support fraud detection and financial diligence in several ways:

 

  • System and bank account changes: The platform provides reports and audit trails, and generates custom reports for authorised employees.
  • Isolated access: Modern payroll platforms operate as cloud software, accessible to multiple authorised users and devices.
  • Single users: Secure accounts that give different people, such as auditors, finance directors, and HR heads, access to dashboards and reports.
  • Manual data entry: Payroll platforms integrate with other systems of record, sharing payroll data automatically and leaving no room for interference.
  • Obscure payroll information: Employee self-service (ESS) features enable employees to access payslips and other information directly, helping them spot irregularities.

 

An organisation must create oversight through clear policies, spot checks, and leadership oversight. The right payroll platform can even help people with limited payroll knowledge uncover strange behaviours.

 

“You won’t spot payroll fraud if you keep looking for big changes and payments,” says Schoültz. “Most payroll fraudsters siphon money over a long time and across multiple bank accounts, making it harder to detect. That’s much easier with paper-based systems, spreadsheets, and older payroll software. But if you can access regular reports and integrate payroll data with other systems, it becomes much harder for people to commit fraud, and much easier for you to catch them if they do.”

Distributed by APO Group on behalf of Deel Local Payroll, powered by PaySpace.

 

Continue Reading

Trending