Do organizations know how to protect themselves? Source: Shutterstock

Do organizations know how to protect themselves? Source: Shutterstock

Why enterprises need more education about network security

ORGANIZATIONS know that there’s significant value at risk for those that fail to defend their networks against cyber threats.

Over the past few months, reports from various think tanks have tried to quantify the damages that cyberattacks can cause, and most have pegged the figure in the hundreds of billions.

The truth is, cyber threats are evolving and becoming more sophisticated every day, but most businesses still struggle to understand the basics of cybersecurity.

A recent report by Cisco pointed out that although spam emails were past their 40th anniversary and phishing and malware had been around for decades, executives still failed to understand the basics of protecting their inbox.

There are still several hundred attacks every month where staff, innocently interact with suspicious emails, providing bad actors with access to their corporate networks.

It’s why cybersecurity subject matter expert and Cisco Engineering VP Alan Lynn, in an exclusive interview with Tech Wire Asia, emphasized the importance of education in today’s increasingly sophisticated world of cyber warfare.

“These days, nobody thinks anything of attacks on land or sea or even the air. However, cyberspace is also a critical domain — albeit man-made — and needs to be protected.”

According to Lynn, as the world embraces the internet of things (IoT), the surface area of vulnerabilities increases, making it incredibly important for businesses to first, educate themselves about the risks, and second, explore more sophisticated methods and solutions to protect their business.

“Education is important because it is the starting point of all conversations in the cybersecurity space.”

Lynn and his team believe that although there’s a strong emphasis on the actions of staff, it’s the leaders who need to learn to be proactive and take definitive action to protect their businesses.

There are certain steps that organizations can take in order to help staff protect themselves — for example, Lynn advises businesses to turn any hot links in emails into plain text so that users have to copy and paste the links in their browser — giving them a moment to think whether it’s the right link to open or not.

However, that’s a basic measure in a world that’s increasingly becoming sophisticated.

According to Lynn, business leaders must explore some of the more intelligent ways to protect their organization and avoid risking the operational and customer data — and by extension, their reputation — that they’ve worked so hard for.

“Some organizations see hundreds of thousands of cyberattack attempts each day. For them, it’s only practical for them to use automated cybersecurity solutions that leverage artificial intelligence and machine learning. Anything ordinary is bound to be resource intensive and ineffective in most cases.”

Obviously, with IoT, the cybersecurity space will need to tread a challenging road in order to secure devices more effectively.

While organizations such as the FIDO Alliance are creating IoT working groups to help vendors establish a standard for device-level protection, Lynn emphasizes the need for smarter networks that identify devices and transactions for who they are and what they achieve.

“A security camera that’s a part of a network should only be able to do the job of a security camera and nothing else.”

As the landscape gets more mature, Lynn hopes that data won’t leave IoT devices or smartphones, that biometric and contextual information will be used to create a stronger cryptographic identity, and that traffic will be segregated depending on source and operation, making the network even more intelligent and secure.

At the heart of the discussion with Lynn, however, is education. Lynn and his team believe that leaders and their staff need more education so they can make the right choices when it comes to cybersecurity.

After all, shortchanging cybersecurity efforts could put an organization at great risk, invite legal action, and incur a lot more in monetary terms to repair the damage. Prevention is better than cure, even in cyberspace.