From Weak Link to Impenetrable Shield: Empowering Employees to Reduce Cyber Risk
Anurag Lal, President and CEO of Infinite Convergence.
A major risk exposure for enterprises today is cyber risk with 84% of organizations experiencing one or more breaches in 2022. Enterprises are working daily to combat cyber threats which are growing in frequency and sophistication. When successful these threats have costly reputational, legal and financial repercussions. IBM’s most recent Cost of a Data Breach report revealed that the global average cost of a data breach reached $4.45 million in 2023, a 15% increase over the last 3 years.
A majority of data breaches - 74% - involved the human element. Humans make mistakes. Cyber criminals are very aware of this and work overtime to exploit that fallibility, attacking people more often than technology to gain access to networks and systems. Research from cybersecurity company Fortinet found that 81% of organizations faced malware, phishing, and password attacks last year which were mainly targeted at users. Fortinet noted that this data “underscores that employees can be an organization’s weakest point or one of its most powerful defenses”.
As the risk of cyber threats continues to increase, enterprises can significantly reduce that risk by empowering employees to become an impenetrable shield against cyberattacks, proactively stopping these attacks before they start.
To help employees become powerful security assets, organizations should take the following proactive steps:
Establish a strong security culture
Establishing a strong security culture is critical for mitigating cyber risk and reducing the potential of costly data breaches. An enterprise-wide commitment to cybersecurity is one that makes cybersecurity a shared responsibility across the organization, creating an environment where everyone understands their role in reducing cyber risk.
Making employees partners in advancing a security-conscious culture encourages cyber secure behaviors and attitudes and helps minimize risky behaviors such as using unauthorized apps, accessing malicious websites and clicking on suspicious links in e-mails.
Provide secure collaboration tools
When employees are provided with secure collaboration platforms, they will not turn to unsecure messaging and collaboration tools that expand the cyberattack surface in organizations.
Many consumer-grade messaging apps and unsecure collaboration tools do not have the enterprise-grade security, compliance and governance features needed to keep organizations secure. Bad actors are well aware of the vulnerabilities in these less than secure tools, tailoring their attack mechanisms to these channels. Research shows that cyberattack numbers increased 38% in 2022 compared to 2021, driven up “by smaller, more agile hacker and ransomware gangs who widened their aim to target business collaboration tools”.
Secure, user friendly all-in-one platforms like NetSfere designed for the enterprise with end-to-end encryption (E2EE) reduce the attack surface and keep organizations secure. E2EE locks down sensitive data in transit and at rest, ensuring that only the sender and receiver can read messages. Secure by design collaboration technology like this provides employees with a convenient and frictionless way to share ideas, files, and data without compromising the security of networks and systems.
Set and enforce clear policies
Employees can become one of the most effective security controls in an organization when clear cybersecurity policies are established, communicated and enforced. Policies prohibiting the use of shadow IT (the use of unsanctioned applications that are not monitored and managed by the enterprise IT department) are particularly important for employees to be aware of and understand.
The danger of employee use of shadow IT lies in lack of IT control. IT teams can’t control what they don’t know about which can lead to unauthorized access to an organization’s IT infrastructure, according to Randori’s State of Attack Surface Management 2022 report.
Policies prohibiting the use of shadow IT means employees will avoid using apps and tools that can increase enterprise risk exposure to data breaches and compliance violations.
When employees are trained to recognize cyberthreats, they are better equipped to identify, report, and prevent cyberattacks.
Providing regular cybersecurity training that educates employees on common threats such as phishing, malware and social engineering and teaches them best practices for password management, secure remote working and data handling reduces the risk of human error, helping employees take proactive steps to protect sensitive company data and information.
Cybersecurity tools alone are not enough
Tools such as firewalls, intrusion detection systems and VPNs help defend against potential cyber threats, but they are not enough to fend off cyber criminals. Effectively combatting cyber threats and reducing cyber risks today requires organizations to empower employees to become an impenetrable shield in cyber securing the enterprise. A strong security culture, secure collaboration platforms, clear policies, and cybersecurity training are the way forward to achieving that.