Success is when humans, not devices, are at the heart of cyber defence

The shift to remote working brought on by the COVID-19 pandemic has significantly expanded the attack surface for organizations, with remote devices lacking the layers of technical controls available within enterprise networks.

A recent report by HP Inc. reveals a 238% increase in global cyberattack volume during the pandemic. The survey shows that changing work styles and behaviours create new vulnerabilities for companies, individuals, and their data. Responding to the findings, Joanna Burkey, Chief Information Security Officer (CISO) at HP Inc., said, “As the lines between work and home have blurred, security risks have soared, and everyday actions such as opening an attachment can have serious consequences. Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with clouded vision.”

The pandemic and the immediate post-COVID-19 period have been marked by a sharp rise in social engineering attacks. Here, cybercriminals trick employees into giving up their credentials, installing malware for them, or directly sending data or money to the perpetrators. Unlike most other attacks, which target machines and networks, social engineering attacks require human interaction to be successful.

Despite the relatively unsophisticated nature of such scams, they have emerged as a highly effective attack mode. Research by cybersecurity software firm Proofpoint shows that from March 2020 to September 2021, over 7,000 CEOs or senior executives have been impersonated, with the average number of CEO impersonation attacks per organization rising to 102.

Protecting what matters

The rise of social engineering attacks shows that traditional methods of cybersecurity fall short when set against modern threats. Conventional measures have primarily focused on protecting servers, networks and endpoints. Meanwhile, data shows that most threats, over 90 per cent according to a report by Verizon, get delivered via email to people.

IT security investments are similarly skewed. According to the ‘Flipping the Script on Security Spending’ report by Proofpoint, only about 8 per cent of security budgets is spent on protecting the email channel, despite 90 per cent of the threats being sent through email.

Therefore, there’s an urgent need to align cybersecurity strategies and resources to the real threats facing organizations and focus on the primary target, people. This realignment should result in increased investment in people-centric cybersecurity strategies.

People-centric security calls on security teams to focus on their people, understand who their most vulnerable people are and equip them with the resources to protect themselves. Such measures should offer 360-degree protection by bringing together technology, processes, and people.

From a technical perspective, tools such as AI-enabled secure email gateways can leverage algorithms to check the authenticity of an email by analyzing the language used. A word such as “urgent”, popular with cybercriminals, should trigger a warning.   

On the process side, some organizations have put measures in place that would prevent an invoice from being paid out if they cannot authenticate the identity of the person sending the email. Readily available authentication standards such as DMARC, which prevents criminals from hijacking your domain to trick employees and business partners, should be in use.

Turning weakness into strength

Training is particularly crucial to solving the people vulnerability equation. Cybersecurity training should be standard and enforcement rigorous – this does not imply retribution as it could backfire and prevent staff from reporting threats. Employees should quickly identify suspicious emails, which they should automatically forward to security teams.

There’s also the need to shift how organizations treat employees. In traditional settings, people have primarily been viewed as a cyber security “weakness”, and organizations fail to take advantage of a valuable cyber defence resource.

A people-centric cybersecurity strategy recognizes that people are an effective tool to prevent cyber-attacks and empowers them with the training to identify threats and the freedom to take some basic remedial actions. 

The shift in mindset may seem trivial but has significant implications for how billions in cybersecurity budgets are spent. Most importantly, it can help save organizations from the damaging effects of data leakage, downtime and reputational risks that cybercrime inflicts.

Effectively guarding the modern, post-perimeter enterprise requires a different security paradigm, says Mile McKee, CEO of cybersecurity firm Dotmatics. “As such, security paradigms must evolve to protect individuals, who largely mean well and deserve privacy, while also safeguarding the organization’s intellectual property, critical resources and brand reputation,” he adds.

Cybercriminals will continue to target employees for the simple reason that it works. But therein lies the greatest opportunity to solve a significant part of the global cybercrime plague. A people-centric security strategy is cheaper and more effective in the long run for increasingly vulnerable global firms.     
