Cyber security in the COVID era: Creating a human firewall of employees
We live in the era of the digital revolution. The COVID-19 pandemic has accelerated the shift to digital. More and more organizations are looking to get on the digital highway. But are these organizations giving cybersecurity the importance it requires?
Let us look at some numbers. According to the latest research by the Ponemon Institute, the average total cost of a data breach in 2020 was a staggering USD 3.86 million. On average, it took a company a total of 280 days to identify and contain a breach. These are just the quantifiable costs – they do not include the reputational and branding damage that a successful data breach can cause.
Simply put, cybersecurity is perhaps the most important component of an enterprise right now. Organizations have recognized this fact and have implemented various cybersecurity frameworks to build resilience against cyber threats.
The employee’s role in cybersecurity
At the same time, it is important to consider the role the employee plays in an organization’s cybersecurity framework. When it comes to cybersecurity, employees matter. From the point-of-view of a Chief Information Security Officer (CISO), you can implement the strongest access controls within the organization and still be susceptible to security incidents if your employees are not invested in the process.
Employees are human beings, and that makes them susceptible to cyberattacks, a susceptibility that malicious threat actors look to exploit. That is why social engineering attacks, which manipulate employees into revealing confidential data, are common. If employees unintentionally click on phishing links or get tricked by Business Email Compromise (BEC) scams, the possibility of damage is immense.
The answer lies in converting this weakness into a strength – transforming your employees into a valuable asset in the cybersecurity journey.
The ultimate aim of an organization should be to create a human firewall alongside the digital firewall. This is a fully-invested workforce that is regularly trained and updated on cybersecurity compliance measures. This training and awareness must start right from the initiation stage and be backed up by regular and continuous reinforcement. Through communication campaigns, audits and assessments, employees must be regularly informed of their duties and responsibilities towards information security. Compliance must be tracked, with clear cybersecurity policies outlined, updated and regularly disseminated.
Educating your workforce
Cybersecurity is not an issue that affects only the IT department; it affects the entire organization. This is the key tenet that must be spread across the entire organization. While employees may be aware of information security, it’s likely that they don’t take it seriously because they don’t understand the consequences. They may engage in dangerous practices such as using easy-to-guess passwords or using the same password on all accounts. To put a stop to these practices, employees must be educated about all aspects of cybersecurity, why it is important and what they must do to keep the organization safe.
Regular assessments & simulations are key
There is a saying in cybersecurity – it’s not a matter of if you will get breached, it’s a matter of when. Enterprise security has evolved from threat prevention to threat detection & response. Regular cybersecurity audits in the form of phishing & breach simulations must be carried out to understand the level of maturity within the employee workforce.
An organization is the sum of its employees, and the same is true of its cybersecurity. A human firewall perfectly complements a regular hardware firewall by ensuring that employees remain vigilant and cautious. The result is a secure organization, both from a technical point-of-view and from a “people” point-of-view.