sb-as logo
Story image

Employees the 'weakest link' within an organisation's cyber security defence

Employees are fast becoming the weakest link in the defence against cyber criminals. That’s according to Sean Duca, the vice president and regional chief security officer, Asia Pacific of Palo Alto Networks.

“Successful attacks often involve poor processes or human error. To reduce an organisation’s threat surface, the focus of regular employee training needs to shift from reaction to prevention,” he explains.

“Companies need to put themselves ahead of emerging threats.”

Duca says there are certain ways businesses can protect themselves against such threats. One way, in particular, is incorporating security awareness into the organisational culture.

“Businesses with strong security processes are still vulnerable to innocent mistakes and human error. Employees become agents of a malware attack when they simply click on a link in an email they may have received from an internal team member or outside contact,” he explains.

“Attackers are constantly developing new techniques to break into networks, including targeting employees in areas that may be less aware of the risks.”

Duca adds that it’s incumbent on all employees to take responsibility for their cyber practices, this must include a top down approach. If an executive doesn’t take their security seriously, their employees won’t.

“This includes being aware of the possibility for legitimate websites to be hacked and the increase of compromised websites targeting users with specific interests,” he says.

Another way is for organisations to move beyond a compliance-driven approach.

“Compliance-driven approaches have proven to be ineffective for organisations when used for employee security training. Businesses should focus on educating employees on how to protect their personal data, therefore encouraging employees to enact further security-orientated practices in the workplace,” he explains.

“Gamifying will help make the training process more exciting and engaging for employees, increasing employee awareness of cyber security practices, including how to deal with phishing emails correctly.”

The last way that Duca details, is to limit the number of employees with administrative access.

“Only those with appropriate clearance should be able to access files. Giving all employees blanket access means attackers only need to successfully infiltrate once to have full access to a business’s entire system,” he says.

“By ingraining cybersecurity practices within organisational culture, introducing new ways of training, limiting access to only those with authority, and educating employees to practice safe and secure behaviour online, the cyber risk for businesses can be greatly reduced.”

Story image
Unbound seeks channel growth with new partner programme
Those who sign up will have access to Unbound’s security solutions, sales and partner enablement, deal registration and partner portal.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More
Story image
Microsoft: Digital transformation doesn't make SMEs immune to cyber threats
Ricky Kapur warns that despite digital transformation every business is at risk - no matter how large or small they are.More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
The business case for an in-house ethical hacker
Ethical hackers, also known as penetration testers or white-hat hackers, mimic the techniques used by malicious hackers to try and break into computer systems and discover vulnerabilities before the bad guys can exploit them.More