Story image

Why you should let employees step forward in fight against cybercrime

07 Aug 17

Employees may be one of the biggest security risks, but also an organisation’s major strengths.  Many firms don’t realise that employees can help mitigate risk.

Familiar names such as CryptoLocker, DDoS, botnet attacks and ransomware are now commonplace in the common world. Manuja Wijesekera, pre-sales solutions architect - Fortinet, Wavelink, says it’s about taking a multi-dimensional approach to protecting organisations.

“Given the explosion of hacking related security outbreaks in the past couple of years and the damage it can do to organisations, it is becoming more important than ever to remember that no matter what technology or security measure is in place, more often than not employees are the first line of defence,” Wijesekera explains.

He says risks can come in the form of mistakes, being unable to identify a suspicious link or email, connecting unsecure devices to the network, or even insider threats, this should all be considered when coming up with a mitigation strategy.

 “Employee mistakes are a common cause for security breaches and hackers are using the emotional aspect when trying to entice us to click on a link or open an infected file, hence the need for organisations to foster an environment where an employee can ask questions without being reprimanded or ask for help if they think they’ve made a mistake that might have put sensitive data at risk.” 

He says that organisations should make employee engagement as part of their workplace culture, from the onboarding and induction process, as well as regular exercises and awareness campaigns throughout the year. Those in charge of security should also be certified.

That may not be so easy for small- and medium-size businesses. They don’t have the dedicated resources, and are ‘setting themselves up for a breach’.

“The other issue is that many smaller organisations are not willing to invest at all until they have suffered a breach, which is often too late. Their network may even have already been penetrated without them knowing it because they don’t have the systems in place to track it,” Wijesekera explains.

He says that it’s less of an issue because security involves CEOs and other high-level executives, especially when they are being held accountable for protecting sensitive information.

“Ultimately, all organisations need to look at making security part of their overall culture, and move away from the notion that having a single security device at the edge will make them secure. They should look for solutions and partners that can offer a fabric of security technologies with the importance given to technologies that are able to share intelligence. They also need to have a good governance program in place to maintain and monitor security in real time and an awareness program that includes all employees,” Wijesekera concludes.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.