TECH INTELLIGENCE: Setting priorities – NJBIZ
Last year, the National Institute of Standards and Technology introduced updates to its approach to cybersecurity. According to NIST, the approach recognizes the intersection of security, human factors, cognitive science and psychology.
Some IT support services providers know that cybersecurity involves more than just technology. A comprehensive approach to digital defense also accounts for human behavior, since cyber criminals often exploit people to carry out their attacks.
Consider how such cyber scams as ransomware, social media scams, phishing and cloud security breaches trick people into making mistakes.
These scams play on emotions like curiosity, fear, desire, anger and anxiety. The goal is to make people share personal information or lose money. Many organizations focus on technology to protect against these and other threats, but human error causes most cybersecurity breaches.
Part of the reason is that businesses are moving quickly, and employees are cutting corners to keep up. This can lead to missing important warnings about ransomware and other dangers. Working from home has also increased security risks from unsecured devices, unauthorized software, and cloud applications, making it easier for cyber attacks to occur.
But companies that prioritize their employees in a top cybersecurity program can create a strong digital defense culture. By investing in their employees’ skills and knowledge, companies can improve their overall ability to withstand cyber threats. Here are some tips to do this:
Start with your cybersecurity posture. How is information handled throughout your organization? Do all departments put a premium on digital defenses, or do their values vary? What about third-party vendors and channel partners? Your cybersecurity consultant can help identify and fix vulnerabilities in your system by reviewing it and implementing solutions.
Identify threats and probe them. Create a prioritized list of threats and test scenarios based on key risks. Use a third-party expert to simulate real-world attacks and evaluate if your employees fall victim. Understand how stressful environments and different levels of sophistication can impact their responses. Simulations can help design a more targeted security awareness training program.
Evaluate employee awareness. Are certain departments more prone to biases, like overconfidence? Keep this in mind as you and your third-party partner design your security awareness training program.
Formalize a list of threats and prioritize them. Once you identify weak spots, create a ranked list of threats. Based on this, your third-party IT partner can help simulate real-world attacks and evaluate your employees’ responses. Setting up gamified phishing and other simulations can enhance the effectiveness of your security awareness training program.
Promote an inquisitive atmosphere and critical thinking. Do not simply explain ways to address specific situations. Encourage employees to be cautious and aware, and provide training in analytical skills to enhance these qualities. This approach will help them to deal with unforeseen crises and disruptions.
Review employee responses. Do not just “grade and forget” employee responses to phishing and other test simulations. Instead of just looking at the results, figure out what specific problems are happening and what they have in common. Then, create training for individuals and groups to fix any problems.
Keep reviewing responses and be prepared to reengineer processes and training. Periodically test and adjust your training and processes. Bad actors are continually improving their game, and you must do the same.
Automate where appropriate to reduce human error. Although a total reliance on technology can be dangerous, automation can supplement human activity. Tools like spam filters, encryption, access rules, and password management can help prevent human mistakes. AI-enhanced security tools can monitor networks for unusual activity and identify potential vulnerabilities for security experts to investigate further.
Cyber criminals never rest, but organizations working with a trusted cybersecurity provider have a better chance of staying ahead of bad actors.
Carl Mazzanti is president of eMazzanti Technologies in Hoboken, providing IT consulting and cybersecurity services for businesses ranging from home offices to multinational corporations.