Enterprise network strategies often forget the human factor in cybersecurity, leading to more cyber attacks and catastrophic outcomes.
When we think of enterprise-level information systems, we think of a network of all the digital systems and tools that automate the collection, analysis, and communication of information to drive operations and business decisions. This might include the enterprise’s servers, the software, which may be powered by artificial intelligence, and the web of data gathering and sharing devices, which includes computers and smartphones. In addition to these key elements, there is one crucial system component that is often ignored - the people involved. And just like the human involvement in information systems is overlooked, businesses also tend to neglect the human factors in cybersecurity, potentially leading to severe consequences. How? Let’s take a look at a hypothetical scenario:
While on vacation, Jane, a regional sales head for a multi-billion dollar corporation, receives an email on her phone. It’s from Bill, her office’s IT administrator, who she also happens to know well personally. The message begins with an apology for briefly interrupting her vacation, but states that something urgent needs to be done. Bill asks Jane to quickly reply with her log-in credentials for their proprietary CRM application, as there seems to have been some issue that needs to be fixed ASAP! Jane, partially unsuspecting and partially wanting to get back to vacation-mode, types in what’s asked of her and hits ‘Send.’ And then she gets on with her vacation. A week later, Jane returns to work and is shocked to find out that the company’s CRM database that contained the personal information of thousands of customers had been hacked into and the information leaked. Jane hadn’t noticed that the email she had received, supposedly from Bill, was a phishing attempt. And a successful one at that.
The security of any system is only as strong as its weakest link. When it comes to enterprise network security, the weakest link happens to be the people involved in the system. Although organizational security systems are getting smarter and better with time, but so are organizational security systems. The growing role of Artificial Intelligence and machine learning algorithms in security ensures that organizational data remains protected despite the evolving threats. Combining the existing algorithmic security systems with technologies like blockchain can make security even more secure, at least in a theoretical sense. However, it is important to note that most cyber attacks succeed due to the vulnerability caused by ‘human factors’ in cybersecurity. Over 90% of successful cyber attacks happen due to phishing, which exploits people’s unawareness and lack of judgment in differentiating between genuine and fraudulent communications. This more than confirms the fact that investing in the smartest security systems cannot guarantee the protection of confidential data. And organizations are in fact investing heavily in cybersecurity, with the global spending on cybersecurity estimated to exceed $1 trillion from 2017 to 2021. In order to completely protect data from illicit access and loss, investing in smarter systems should go hand-in-hand with making people smarter with regards to security. Now, don’t get me wrong. By smarter I don’t mean to question people’s intelligence or their knowledge of digital security.
Being smarter has little to do with technical know-how and more to do with mindfulness.
Being smart in the context of security means being aware of who you receive communications from, what links you click on, or which attachments you open, the different types of cyber crimes and threats, and of organizational communication, privacy, and security policies.
And the need for smartness does not only apply to devices, software, and the primary users of these devices, but to the organizational pyramid as a whole. This includes the top leadership, that may not necessarily be involved in using the data management systems, but is required to communicate internally using organizational channels. Strengthening data security should take both a top-down and a bottom-up approach to ensure there are minimal loopholes in terms of policy, technology, and people.
To have a foolproof, robust security system protecting enterprise-wide networks, organizations should plan and invest not only in the best technology available, but also in making their people more aware of cybersecurity. The following practices can help organizations form a well-rounded threat prevention strategy:
With the introduction and propagation of the Internet of Things (IoT), which connects every conceivable electronic device, right from your smartphone and smartwatch to the national power grid. With every device that gets added to the IoT network, the risk and the severity of the outcome of a security failure increases. Thus, now is the most ideal time for organizations, both business and otherwise, to improve the technological as well as human factors in cybersecurity.
Naveen is the Founder and CEO of Allerin, a software solutions provider that delivers innovative and agile solutions that enable to automate, inspire and impress. He is a seasoned professional with more than 20 years of experience, with extensive experience in customizing open source products for cost optimizations of large scale IT deployment. He is currently working on Internet of Things solutions with Big Data Analytics. Naveen completed his programming qualifications in various Indian institutes.