Empowering Employees in the Fight for Cyber Security.

Guest blog by Jocelyn Weaver.

CLX Forum
Oct 15, 2019

More than half of firms in the UK have reportedly been attacked by hackers, according to a study conducted by insurer Hiscox. The survey, which spanned 7 countries and 5,400 companies, found that the share of businesses that fell victim to cyber attacks rose from 45% last year to 60% this year.

Employing effective cyber security strategies is imperative for any modern business. With the flurry of attacks on private and public networks over recent years, it has also become an increasingly urgent concern.

Employee negligence and human error exacerbate the cybersecurity risks businesses face today. With more and more cyber attacks targeting employees as the weakest link in vulnerable networks, modern cyber defence strategies need to refocus on the human aspect of network security.

The human factor in cybersecurity

As computing systems get better at fending off attacks from hackers and cybercriminals, attacks are increasingly redirected to exploit the variable aspect of the security equation — the human factor. A well-guarded system can be left vulnerable by a negligent employee installing inconspicuous malware.

This is demonstrated by the fact that email phishing remains the top weapon of choice for cyber criminals today. Hacks based on social engineering — exploiting human weaknesses to gather information or attack a system — are also on the rise. About one in five workers share their work passwords with co-workers, according to a Switchfast survey. Pretexting, tailgating, baiting, and quid pro quo are some of the most common social engineering attacks used by cyber criminals.

Yet studies show that, despite the telltale warnings, only 27% of UK businesses and organisations have staff members who have attended cyber security training in the last 12 months, reports the University of Portsmouth. This is especially dangerous as businesses depend more and more on technology to operate. Verizon Connect details how many companies are undergoing digital transformations in order to improve operational processes and help with their infrastructure. While this provides businesses with a greater reach, it also increases the number of avenues through which they can be attacked.

This is why good strategies must not hinge solely on technology, but also on the biggest asset against vulnerabilities — employees. Cyber security isn’t just about guarding your emails, but about empowering your employees to be vigilant and proactive in thwarting cyber attacks, especially as businesses become more digital.

Re-skilling and training

Leveraging new technologies and new strategies won’t be enough if you don’t re-skill your employees. Our contributor Ajay Sood notes that flexibility and creativity are essential features in putting up cyber security measures. Leadership support is key in any successful security awareness training. Create an engaging but consistent curriculum that caters to your company’s specific needs.

Peer learning

Ultimately, empowering employees in cyber security means fostering a culture of vigilance. Beyond devoting days to learning protocols, systems must be in place to constantly encourage desired behaviours and mitigate problematic ones.

Security Intelligence highlights that security awareness, when done in an interactive manner, is contagious. A top-to-bottom approach isn’t always enough to create a culture that can safeguard the organisation and the employees. Getting employees on board with new initiatives will be easier when they learn about them from a peer. The variety of voices advocating cyber security can catalyse the process of learning and increasing vigilance.

Multidimensional approach

Research supports the view that the ultimate defence against cyber attacks is an educated computer user. Taking a multidimensional approach remains the best method to deploy. This includes improving technical and organisational processes, network guidance, and stringent security policies on top of training employees.

The most effective security awareness strategies are those in which security tools, business processes, and human decisions are complementary and synergistic. Ideally, security tools and defined protocols are there to prevent employees from making insecure decisions. Recent iterations of security software have higher automation and are even AI-enabled to increasingly reduce human intervention. On the other hand, the ultimate goal of security awareness is covering the bases where tools and governance will eventually fail. It is important to always remember that although it can be a vulnerability, the human factor is also a major asset.

Many of the attacks happen outside the confines of an office, and creating a strong culture of vigilance can mitigate these. A simple protocol like not connecting your work devices to public networks is one that only awareness can instil. As consumers, people trade off their security for ease of use, as seen in some people’s aversion to two-factor or multifactor authentication. Using screened apps, clearing cookies, and enabling 2FA are just some of the protocols workers can adopt in their daily lives, even outside of work.

In today’s digital age, training your workforce in cyber security — with a clear, timely, and practical curriculum — should be the norm and standard in any organisation. Hackers and cyber criminals strive to perfect their craft and exploit the vulnerabilities of organisations — so too should companies go all out in closing these gaps.

The Cybersecurity Leadership Exchange Forum (CLX Forum) is a thought leadership community created by Symantec.