Business Daily Media

Why businesses should invest more in their people and not cybersecurity technology

  • Written by Josh Lemon, author and certified instructor at SANS Institute, managing director DFIR APAC at Ankura

Continuity is essential in the business world. Yet, the pandemic stunted the traditional business model. Employees that were going into the office five days a week immediately transitioned to working in a remote work environment, causing a shock to the system – or should I say our IT systems.

Employees began working on unmanaged and unmonitored home networks in the name of 'getting the job done', thereby creating a broader attack surface for cybercriminals to infiltrate systems. As a result, organisations turned their efforts to investing in more cybersecurity technology to secure their networks while ensuring remote access.

The benefits of cybersecurity technology are evident, but implementing and applying it to already established systems can be expensive and time-consuming. As cybercriminals continue to evolve their social engineering tactics, technology can't be the only solution to secure an organisation.

Now, as hybrid work becomes our working normal, businesses must address their cybersecurity more than ever. To save time and money spent on cybersecurity technology, organisations should be taking an educational approach to their cybersecurity strategy. By educating employees on the cyber risks associated with working in various locations and methods to use when faced with a potential cyber breach, businesses can further build a mature cybersecurity model that mitigates the chance of cyberattacks and provides an early notification when they do occur.

Where to start?

The social engineering tactics of cybercriminals today have made something clear – business systems can no longer be protected just by technology, people play a significant part in protecting an organisation. Employees work within an organisation's network five days a week or more. They understand the intricacies of the business's data and the information that passes through various systems.

Yet, in today's hybrid work landscape, organisations need to empower employees to reduce a business' attack surface for cybercriminals by implementing a cyber awareness program. Implementing a cyber awareness program into your business can provide a structured approach to managing human risk.

The first step to developing a mature cyber awareness program is to evaluate human risks and employee behaviour on how they are using an organisation's systems. Once organisations understand their employees' cybersecurity behaviours, business leaders can better assess what systems or employees' are more attractive targets for cybercriminals.

The second phase is to start maturing the cyber awareness of your employees to invoke change. Organisations can gamify phishing simulations but tracking the employees that successfully reported/identified a phishing email. As employees correctly identify phishing emails, they can progressively receive harder to determine phishing emails in future simulations. This not only educates employees, and hopefully makes phishing simulations more entertaining for staff, but it also ensures staff are always thinking "have I levelled up and is this a phishing email" – especially with a real threat actor sends them one.

While there's no one-stop-shop to achieve an educated workforce, it is good to start with some basics, including the need for strong passwords, implementing multifactor authentication, and regular software updates on remotely used devices and internet-facing systems.

Prevention is at the centre of cyber awareness programs. Maturing a business's cyber security awareness program gives time, money, and energy back into the business, whereas it could be ill-spent in reacting to a cyber breach.

The pandemic's impact on business continuity has been felt across Australia, from small-medium businesses to large enterprises, but ensuring an entire dimensional cyber strategy is in place can take the pressure off in our new working landscape.

Business Reports

How Sport4 is changing the way you watch sports

Forget about pay-per-view or checking the score at half time – Sport4 is changing the way Australians watch sports.  Fresh from their national debut at the Judo Australia National Championships, Sport4’s automated sports...

Advantages of Vacation Rental Management Software

The first vacation rental management software systems were launched in the early 1980s. At the time, they were majorly used by hotel owners to manage their properties online. The main functions included hotel reservations and ...

TIP Group grows; appoints new senior executives

Teaminvest Private Group Limited (ASX:TIP) has appointed two new senior executives to further accelerate the company’s growth. Timothy Wong has been appointed Head of TIP Equity (the company’s private equity division) and...

What to Look for in a Point of Sale System

When you're looking for a point of sale system for your business, there are a lot of things to consider. What type of business do you have? How many employees do you have? What features are important to you? In this blog post...

Why Roe v. Wade's demise – unlike gay rights or Ukraine – isn't getting corporate America to speak up

Many Americans reacted with outrage to the Supreme Court's decision to dismantle the constitutional right to abortion.AP Photo/Rick BowmerCorporate America – once known for carefully avoiding public stances on hot button iss...

Donating to help women get abortions is a First Amendment right – protected by Supreme Court precedents

An abortion provider in San Antonio had to turn patients away after the June 24, 2022, Supreme Court ruling. Gina Ferazzi/Los Angeles Times via Getty ImagesSeveral Texas abortion funds – which are charities that help people...

Content & Technology Connecting Global Audiences

More Information - Less Opinion