Can businesses really secure their digital networks with more people? Source: Shutterstock

Can businesses really secure their digital networks with more people? Source: Shutterstock

Is more talent really the answer to all cybersecurity concerns?

COMPANIES struggling with cybersecurity seem to believe that their biggest challenge is that they don’t have access to the right talent. That’s not true.

Time and time again, reports that analyze the cybersecurity landscape in Asia or anywhere else in the world, the most alarming issue they discover — probably after the value at risk — is that people are the biggest risk to the network and infrastructure at most organizations.

Most of the hacks occur as a result of a spoof link that a staff member opened in a rush or an email that an unwitting executive responded to, with sensitive details.

Therefore, no matter how many IT staff or cybersecurity professionals a company hires, the reality is that the needle won’t move very far in terms of providing the company with a robust defense.

The right way to move the needle, however, is to first provide the right amount of training to staff, time and time again, and test them, in order to sensitize them enough to not only manage their own actions better but also police the actions of their colleagues.

Organizations must remember that employees don’t want to do any harm to the organization and usually intend to make the right choices and decisions when it comes to protecting the company’s networks and digital infrastructure.

A general lack of understanding of what is harmful and what isn’t is what causes employees to fall into traps and inadvertently jeopardize the company.

Truth be told, given the new regulations in place around data privacy and protection, employees seem to want to help their organization take the right steps in order to comply.

After all, successful compliance is something to be proud of in this era and is a way for companies to prove to customers and stakeholders that the business should be trusted with data.

Training, when provided periodically, not only helps employees get to grips with the fact that they’re responsible for cybersecurity in some way but also creates a culture where questioning things that don’t look right is celebrated and probably even incentivized.

Some of the leading organizations that pride themselves on continually coaching employees on cybersecurity best practices tend to run random division-wide and enterprise-wide tests.

One common test includes sending an email from a “known associate” to see if the company executive clicks on the “link” or report the email it to IT staff as an attempt to “spoof the user” so other members of the team or company can be informed.

Once employees have been sensitized, the organization can think about investing resources in upgrading its defenses to add some degree of intelligence into the network — this involves artificial intelligence or machine learning — but the effectiveness depends on the overall digital maturity of the business and the team.

While technology will constantly evolve, the reality is that people will remain, which is why culture and training in an organization is key to defending against cyber threats of all kinds.