Steps that can help you build a collaborative security culture

Apathy and frustration among employees working from home may give rise to security breaches if they are not managed well. What can CISOs do to protect their organisations against the threat of cyber crime?

The global shift to remote working has impacted everyone – from the boardroom to the frontline, we’ve all had to adapt. It’s been stressful but, overall, remarkable how well people have pulled together in the crisis.

Amidst the chaos of a workforce sent home to do their jobs, a second pandemic was unfolding – cybercrime. According to an analysis from KuppingerCole, globally in 2020, endpoints connected to the internet experienced 1.5 attacks per minute.

As the tide of threats rises, Security Operations Centers (SOCs) are being flooded with alerts. Respondents estimate that SOC teams receive an average of 4,200 alerts each day, and 23% receive between 5,000 and 10,000[1]. On average, 14% of alerts are directly related to the endpoint.

This period of cybercriminal innovation and creativity coincided with a time when businesses have reduced security visibility over an increasingly distributed workforce working outside the range of IT.

Research indicates 70% of employees globally want flexible working options to continue post pandemic, and nine out of ten organizations will be combining remote and on-site working in the future.

What can CISOs do to pave the way for a dynamic, flexible and secure workforce?

  1. Position cybersecurity teams as partners, not security enforcers

The lack of security awareness among office workers is especially striking among the younger generation. When asked how clearly they understood policies and guidelines for working securely from home, 39% of office workers aged 18 to 24 surveyed globally said they were either unclear about security policies or unaware of them altogether. This was 10% higher than the global average across all age groups (29%).

Office workers also face greater security risks when working from home. A breakdown in IT infrastructure and networks due to WFH initiatives is now a top worry for global risk professionals, according to KuppingerCole.

Despite this, 64% of office workers surveyed were given no additional training on how to protect their home network. In more mature IT markets in Asia, only 30% in Japan received additional training, compared to Australia (42%).

CISOs would do well to engage more actively with end-users to understand how security impacts their workflows, and to communicate about risks regularly to increase awareness and understanding. This way, cybersecurity teams will be regarded as partners and enablers rather than inhibitors of productivity and effectiveness.

  2. Design better security processes

Another major finding in the HP Wolf Security study was that office workers believed security policies and technologies get in the way of their day-to-day work. Over a third (34%) of office workers globally said they see security as a hindrance. Again, this was especially true for younger employees, with 48% of 18 to 24-year-olds and 40% of 25 to 34-year-olds making the same point.

As a result, despite the increasing level of threat, 76% of IT teams felt security had been forced to take a back seat to business continuity during the pandemic. The same percentage felt they’re in a no-win situation where they’re being told to lock down security while being pressured to create shortcuts to enable innovation. And almost all (91%) felt pressured to compromise security if it benefitted business continuity, including 55% in Japan and 48% in Australia who described that as “significant” pressure.

Such a compromise cannot continue. All signs point towards an urgent demand for security processes and solutions to be designed with seamless business continuity in mind. If security is too cumbersome, office workers will once again find a way around it. Instead, security should fit into existing working patterns and flows, with technology that is unobtrusive, secure by design and user-intuitive.

  3. Share the burden of responsibility

Our data shows that cybersecurity teams feel they are often seen as the “bad guys” and feel unheard when they raise an alarm. People need to embrace security as an enabler in their personal lives. They would not be able to check their bank balance, shop online, communicate or do any manner of things without the guardrails that security provides.

Through clear, compelling communication, engaging training and education, and rewarding good behaviours, CISOs can build a positive security culture that is rooted in the organisation and embraced by all.

Simple adjustments such as providing the rationale behind a security decision or moving away from one-way instruction to seeking user input before deploying new policies will significantly change how new policies are received.

By building collaborative security partnerships across the workforce, and making securing the business an end-to-end discipline, cybersecurity will start to become a cultural cornerstone.

[1] Figures based on an average organization size of 492 employees

Koh Kong Meng is Head of Personal Systems, Greater Asia, HP

© iTnews Asia