The human element continues to be one of the weakest links when it comes to data breaches.
In a recent slew of data breach incidents in Southeast Asia, human error or negligence is a dominant cause, with some estimates suggesting more than 50% of cybersecurity incidents are caused by internal employees or partners[1].
The sudden surge of remote working has seen some employees become less cyber aware, exacerbating the chance of human error and creating even greater cybersecurity challenges for businesses.
With the rise in the number of people leveraging cloud-based platforms to work remotely, recorded cyberthreats have also increased including the risk of a ransomware attack. According to a recent report, researchers found that the average remediation cost of a ransomware attack in Singapore alone approaches US$832,423.13[2]. The same research revealed that more than half of the misconfigurations exploited are caused by the accidental exposure that continues to plague organizations.
This means that organizations cannot afford to continue allowing preventable attacks to take place when resources to protect against human error are available. As such, cybersecurity education and training must be re-evaluated to ensure all employees remain cyber-vigilant while working from home.
The human element in education
While technologies such as firewalls and endpoint protection have a clear role to play in keeping organisations safe, employee education is one of the best ways an organisation can mitigate against cyber threats and manage risk.
With 76% of Singapore firms finding it their biggest challenge to educate employees and leaders about cybersecurity1,it is evident that technology alone is no longer enough to keep businesses safe. Organizations must develop a culture of cybersecurity awareness, education, and training to keep employees and their systems up to date on the constantly evolving threat landscape, and this is impossible to achieve without the help of senior human resource (HR) leaders.
Driven by the COVID-19-accelerated move to remote working, HR leaders are increasingly collaborating with IT leaders to devise policies, frameworks and training to better support and educate employees on how to be cybersecurity aware. At the same time, HR has a clear role in helping to fill the cybersecurity talent pool gap to ensure organisations maintain a strong security posture.
With Singapore’s push to create 30,000 skills training opportunities as part of a new initiative – the SGUnited Skills programme[3] – and with the support of private enterprises to train professionals in artificial intelligence (AI) and cybersecurity roles, HR professionals will play a pivotal role in helping to close the skills gap in the future of the economy.
Evaluating the skills gap issue
Inadequate education, leadership and funding are major barriers to ASEAN’s cybersecurity preparedness. Most business decision-makers in the region believe a lack of security expertise is a challenge for their organisation, with 72T% of Malaysian, 62% of Filipino, and 57% of Singapore organizations observing recruitment of skills to be a struggle.
Compounding these issues is the apparent confusion over cybersecurity responsibility within organizations and a lack of understanding of the specialist skills required. A common oversight is tasking IT staff with cybersecurity in addition to their other key responsibilities, rather than treating cybersecurity as a role in itself. This is where it is critical for senior HR and IT leaders to closely collaborate to determine specific skills requirements.
Defending cybersecurity with HR
Ultimately, cybersecurity is about managing risk. To do that effectively, HR employees must work closely with technology leaders to identify key areas where their team’s actions will have an outsized impact on protecting their organisation, employees and the data their company has been entrusted with.
The mindset of an organization’s HR team can set the culture for the entire organization. Disengaged employees are an attractive target for cybercriminals to exploit. Therefore, the onus is on HR leaders to take their organization’s security seriously and work with the necessary business and technology teams to set the right attitudes, culture and processes to keep it secure.
Organizations must be proactive in their response to today’s cyber threats. With the ever-evolving security landscape and the never-ending search for skills and best practices to overcome these threats, collaboration between senior leaders is key.
Most importantly, by fostering a workplace that prioritises cybersecurity awareness and training, and has the tools to effectively find suspicious activity, organisations will be on the right path to strong cyber hygiene.