With overstressed IT teams and talent drains worldwide, it is time to empower employees to help protect corporate cyber resilience.
‘Staying home’ has been a central theme in efforts to combat the spread of the novel coronavirus in the past months. Perhaps a similar approach can be taken when dealing with cybersecurity threats. ‘Home’, literally and figuratively, is where organizational threat-defense efforts need to start and be ramped up.
Since the pandemic, there has been an estimated 70% increase in remote working across the globe. As organizations look to drive productivity and lower costs, Deloitte has projected that up to 47.8 million people across ASEAN could permanently shift to working remotely over a multi-year horizon. This can create more openings for cybercriminals to hack into home networks and compromise an enterprise’s infrastructure as well.
It is timely that businesses move away from the traditional and outdated mindset that the responsibility of an organization’s security falls only on the IT team. It is time we empower employees so they can play their part in building cyber resilience for their organizations.
Cybersecurity starts with the people
In my experience, there are three ‘M’s culpable for cybersecurity breaches in an organization: Mismanagement, Misconfiguration, and Mistakes.
Of these, I have found that people are usually the weakest link, particularly because there may often be a lack of awareness, lack of competencies, and lack of care.
Take phishing, for example. It is one of the most common and effective methods of social engineering and has become increasingly sophisticated in recent years. People fall prey to phishing scams easily because they are either unable to distinguish a phishing message from a legitimate one, or they are indifferent or uneducated about such attacks.
Business leaders should therefore dive deeper into a people-centric approach towards security. There needs to be a fundamental shift in securing an organization’s data and intellectual property. This hinges on equipping individuals with the right knowledge, awareness and tools to detect, manage, and mitigate risks.
One way to equip employees with the know-how is to develop and improve cyber intelligence and cyber literacy among a workforce. This is especially relevant and important for home-based workers, in order to reduce cyber risks stemming from internal sources. This does not mean that the onus lies only with employees to protect the business; rather, it is about establishing adequate education, proper systems and protocols that work, to ensure adherence to security policies.
More security tools but still insecure
For most organizations, the view of cybersecurity is piecemeal and very technology-focused. Effective cyber defense does not mean just deploying products or technologies. An average enterprise uses at least 75 security tools, but breaches are still taking place. Using more technology services and products is not a magic bullet for one’s cybersecurity strategy. Rather, a robust connected security model involving people, processes, and technology is the solution.
Enterprises are gradually realizing that the evolution of the threat landscape cannot be managed by just their employees and IT team. Working with managed security service providers (MSSPs) is the way forward for many digital businesses today. Support from trusted partners can help ease the workload and greatly strengthen an organization’s security posture. Threat-defense capabilities can be extended through adaptive threat intelligence solutions, which analyze data to provide insights that you can act on, and managed security behavioral analytics solutions, which help you monitor breaches of access privileges and network activity to detect potential threats.
This frees up resources for businesses to focus on their main operations and not be burdened by security challenges. MSSPs may offer a wide range of vendor-agnostic solutions and services, all of which can be more cost-effective than relying on an organization’s own resources.
Aside from outsourcing security, businesses can consider adhering to a cybersecurity framework to improve resilience against attacks. One example is a guide provided by the Multi-State Information Sharing & Analysis Center to help organizations apply and advance their cybersecurity policies in optimal ways.
Lastly, organizations should widely adopt training tools designed to help employees understand the security implications of their actions and change their behavior as needed. Improving cybersecurity awareness among employees has also been valued by our global customers over many years.
Building a cybersecurity-minded organization
Creating a culture of security cannot be expected to happen overnight. It is a transformation that begins by demystifying technology and preparing your employees to be vigilant of cyber threats in their myriad forms. Cyber threats are always evolving, but the constant vulnerability of an organization remains its employees.
Although security measures such as antivirus software, firewalls, and system updates are managed by IT departments, I cannot stress enough that employees can be empowered with the knowledge to detect a threat or prevent one from becoming a breach.
Security upskilling and accountability within the workplace will in the long run translate to better customer satisfaction, brand loyalty, and digital trust. These are the values that need to be constantly communicated, inculcated, and upheld in your workforce to reinforce the overall importance of cybersecurity and to demonstrate why mitigating cybersecurity risks starts at the corporate ‘home’.