When it comes to designing and implementing cyber security, the human factor is becoming increasingly important. Here’s what you need to know…
In today’s world, everything is interconnected.
This means that your TV is connected to different streaming providers, such as Netflix, YouTube, Stan and many others. This does not take into consideration that you may have downloaded many other applications to have an “all-in-one” experience.
The most common example of this type of experience is a single smart TV connected to the internet, but we forget about other devices that have these capabilities such as baby monitors, ring bells, smart refrigerators, and so on. Yes, it’s easy to forget that they are also connected to the internet.
Baby monitors may be connected to the provider’s cloud, ring bells on your mobile phone while you are away to see who is at the front door, and smart refrigerators may see if you still have milk in the fridge while you are at the supermarket.
All these devices are behind what is called a firewall, a device that sits between the Internet and your house. The same type of device is used in businesses and big organisations.
All this new technology has been created to make our lives easier. In the sense that it adds convenience to our already hectic lives, it also adds another layer of complexity.
From home to work
While at home, you may have a firewall that has been provided by your current Internet provider. At work, normally these devices are more expensive. Well-known brands are often used in businesses. These big brands, such as Cisco, FortiGate, Juniper, and so on, come with extra support, maintenance, updates, and features that you may not find at home. The purpose of all of this is to keep the bad guys outside the network perimeter.
In addition to that, you may find that in businesses there are security elements that you don’t have at home, such as web filtering, application control, data loss prevention, and so on. These types of technologies are normally deployed in organisations that can afford this level of security.
Having said that, organisations have a bigger budget than households do. However, even if you deploy the most expensive firewall and the most expensive intrusion detection and prevention systems, you still have your last level of defence untrained—the human factor.
These are the end users, and this “human factor” plays a role in both home and business security.
Why is the human factor a security problem?
Many companies out there focus on the “devices” factor, the “one-fits-all” solution, and even there they are compromised. A password for a critical system could be leaked, ransomware could be deployed inside their perimeter, and so on. After the event typically comes the finger-pointing stage, where questions are asked about, “What about spending more money on a better firewall?” Or more money for a better antivirus? And so on, leaving out of the equation the human factor.
In recent years, there has been a significant increase in cyberattacks and attempts to exploit human vulnerabilities using social engineering methodologies. The problem is that a very common error that occurs today and makes many companies vulnerable to cyber-attacks is that they only care about the “tool” during the implementation process. Now, human factor is a very important element in any cyber security ecosystem.
Work culture
There are many books and pieces of literature about work culture, most of which aim to study the processes and attitudes of the employees within an organisation.
Just to name a few, “The High Engagement Work Culture: Balancing Me and We” by D. Bowles and C. Cooper. The boofocuses on “the way we manage our employees has not kept pace with the changing nature of workplaces, growing competition, and the changing attitudes of people at work.” “This mismatch is not sustainable.” Here’s another good one, “Culture Your Culture: Innovating Experiences @Work” by Karen Jaw-Madson, who shows that “organizational culture isn’t just a hot topic; it is an untapped asset of potential liability for all businesses”.
You can find plenty of literature about organisational culture and how to approach, understand, and change it. However, Cyber Security Awareness is something that is normally left out. Let me put this in simple terms: your employees are your last line of defense!
It doesn’t matter how much money you throw on the best firewall in the world or even your best antivirus. All it takes is a simple email to pass through all your defences and reach the end-user mailbox. And there it is, waiting to be clicked and opened, and your network is compromised.
How simple and easy is that?
The Human Factor in Cybersecurity
As a result, the human factor in cyber security is becoming increasingly important, especially when designing and implementing cyber security in any organisation. Your employees do not need a cyber security degree or even a certificate in security. They only need to understand and be aware of current security trends and be alerted when something unusual occurs.
There are a number of applications, tools, and services that can help your employees be more alert. But at the end of the day, the culture will change only if the top executives and management see that as a necessity rather than “an end-user problem.”
Want to know more about helping your end-users understand more about cyber security? Learn about our Security Awareness Training options to make sure that your last line of defence is strong enough to stave off even the trickiest phishing attacks.
Calibre One provides innovative Business IT, Communication and Security solutions. Contact us today and find out what our team can do for your business.
