In today’s ever-changing and globalised world, where the economy is now more open and profit-driven, the Internet has become ever more omnipresent and vital for governments, corporations and individuals.
In fact, today’s wars have also moved on from conventional ones. You may have heard of the term Cyberwarfare. If you haven’t, that is not a problem. Basically, Cyberwarfare means that the wars of the 21st century are now fought to capture, manipulate or destroy others’ data. This means that the IT systems powering organisations and nations around the world have become prime targets for attack, whether it is from individual criminals, well-organised cybercrime gangs, or state-sponsored hackers. Imagine that!
In addition, as the Internet becomes more prevalent and the world gets increasingly interconnected, cyber-attacks are bound to create widespread repercussions. Hence, cybersecurity is crucial for all types of organisations.
Often, we perceive cybersecurity as a new and more complex technology that will safeguard us from ALL types of cyber-attacks.
But let me ask you this, will this approach truly protect our cyber world?
Human Factor is a Persistent Cyber Security Threat
Before we go any further into this topic, let me pause you right here and take a slight detour down memory lane.
Remember those Math tests you had in school? You know, the ones with lots of numbers and equations and trigonometry?
Has it ever happened to you that when the teacher returns your test paper and goes through the answers, you realise your horrible careless mistake? Well, it has happened to me many, many times, and I remember scrawling “careless” in big letters across the question as I mentally slapped myself for not seeing my dreadful mistake.
So let’s face it. We are only human. And humans occasionally make mistakes, whether we like it or not.
Now, while some may assert that technology has progressed by leaps and bounds in the past 30 years, let me just say it outright: technology is only as good as the humans who use it.
In fact, according to the IBM Cyber Security Intelligence Index, 95% of all successful cyber-attacks are caused by human error!
Moreover, various studies have even shown that humans evaluate the risk involved in an action not based on any elaborate calculation, but rather based on how they feel about the action they are taking. For instance, if they feel positive about the outcome of that decision, they are likely to judge the risk of that action to be low.
So, for an employee watching a movie after working for long hours, the enjoyment the movie provides far outweighs the risk involved in using an insecure USB drive.
And combined with our brain’s tendency to discount risks in the future, most employees will tend to underestimate the risk involved in their decisions when using IT systems.
The truth is, more often than not, we are complacent towards cybersecurity.
We may have the impression that cybersecurity should be left to the IT Department or Managed Service Provider (MSP) to settle, and does not concern us. This is in fact very similar to a fire drill. Let me ask you bluntly, how many of you will intentionally go for a “coffee break” minutes before the bell goes off? Sounds familiar? Well, the sad truth is that most people do not take a fire drill seriously because they assume that a fire “will never happen to us”.
And unfortunately, this tends to be the same attitude that we have towards cyber-attacks!
But remember, it only takes one hack or one human error to wreak havoc on your systems.
So How Aware Are You?
If you are interested in finding out how aware you or your colleagues are about cybersecurity, here is a short quiz to assess how much you know about cybersecurity!
How do you identify a spear phishing campaign?
What are malware and ransomware, and what are their associated risks?
What actions would you take if your company’s systems were infected with ransomware?
How do you secure your personal devices at home and in the workplace?
Are you able to answer all these questions immediately? Or are you at a loss? Well, if your response is more of the latter, that means you have not fully grasped cybersecurity yet.
Thus, it is extremely vital that we raise people’s awareness to enhance the ‘Peopleware’ aspect of cybersecurity. But how can this be achieved?
Addressing the Human Factor, Building a Human Firewall
What we need is an Effective Security Awareness Training Campaign that incorporates proper training and cultivates the right culture. Through this, our response will be sharpened. We will now be more vigilant and able to detect a possible cyber-attack. This will reduce the frequency of cyber-attacks and data breaches in the long run.
This campaign has 4 main components:
1. Policies & Procedures
It is important that businesses have appropriate regulations and courses of action. These ensure that all staff have a baseline and documented standard to adhere to. With straightforward policies and easy-to-understand steps presented in a clear format, employees have a standardised framework to refer to.
2. Training
Training must be fun, engaging and informative so that a culture which emphasises the importance of cybersecurity can be cultivated. Regular training also serves to reinforce the policies and procedures.
3. Assessments
Assessments should be conducted periodically to gauge the staff’s learning on cybersecurity. Phishing simulations could be utilised to test the effectiveness of training and allow staff to experience real-world scenarios. This allows staff to put the knowledge learnt from training into practice in a real-life setting.
4. Reporting
Accurate and user-friendly reporting should be compiled to provide an overview of the company’s performance. It can also identify at-risk areas or users in the business.
It’s About the People
Companies need to concentrate their efforts on Human Behaviour and make it the foundation for a reliable and powerful culture of security. Doing so will lead to an increased return on investment in technology by developing an educated and informed workforce.
Human Behaviour is the foundation for cybersecurity.
That message needs to be delivered — and acted on — not just this month, but every month.
Ultimately, it is vital that companies create a culture where staff are well-equipped with cybersecurity knowledge and are crystal clear in their role in preventing a cyber-attack. A cyber awareness culture, where staff take their own digital footprint seriously and understand what safe behaviour to exhibit, in tandem with sound IT infrastructure, will ensure a safe yet robust cyber world.
The best solution for you is to ensure that you have a Defence-in-Depth security measure in place in the office for you and your employees to be more aware of cybersecurity.