W

ith the recent ransomware attack leaving several corporations, public institutions and organizations across the globe feeling the need to shed a tear, the issue of cybersecurity has come under scrutiny once again. The Asia Pacific, home to scores of established and up and coming businesses, has become particularly vulnerable to threats from cyberspace.

In Indonesia, the ransomware attack, also known as “WannaCry”, struck two hospitals in Jakarta, locking up the information technology (IT) system including important data such as patients’ health records and billing information.

In a business environment where firms are facing such heightened levels of security breaches, organizations are investing in more sophisticated and robust infrastructure to protect their data, assets and reputation. Yet, the effectiveness of these solutions is increasingly dependent on one often overlooked business commodity — employees.

With the rise in BYOD (bring you own device) and flexible working practices, employees are often the biggest threat to safeguarding a company’s data and Internet Protocol (IP) against cyber criminals. Staff negligence and indifference to IT policy is one of the most significant inhibitors to cloud security, as noted in Business Cloud News last year.

Further, there is a clear lack of security understanding. Almost two-thirds of companies attribute “employees’ lack of cyber security knowledge” as the biggest inside threat and only one in 10 Asia-Pacific companies fully understand how cyberattacks are performed, as Trend Micro noted.

In a study by the Ponemon Institute for Citrix in March 2017, titled “The Need for a New IT Security Architecture: Global Study,” over half (60 percent) of respondents from the Asia-Pacific stated that employees and third parties bypass security policies and technologies because they are too complex. This complexity continues to drive shadow IT in the region.

This lack of education and awareness is leading to two types of companies emerging — one that knows it has been hacked and one that does not. If individual employees are not fully aware of how breaches occur and do not take steps to not only protect IP but also monitor and alert managers about cyber issues, the door is continually left open for cyberattacks.

What are some ways organizations can do this, and allow staff to work the way they want to while ensuring confidential data and competitive IP is safeguarded in the data center? How can they promote a resilient and active security culture, while empowering staff with knowledge and education?

First, security needs to be embedded as part of the day-to-day running of the business to ensure it stays front-of-mind and becomes ingrained in core business processes. It’s the “human firewall” effect, whereby employees become integral to the security solutions rather than the problem.

As such, security policies should be developed collaboratively across the company from top to bottom, with input from as many stakeholders as possible playing an equal part.

Some organizations take this approach one step further, developing fake phishing emails and distributing them to staff, to alert IT teams to more susceptible employees. Identified employees can then be enrolled in additional training on how to spot a sophisticated scam.

Employers have a duty to arm all employees with the necessary tools, guidance and training to protect their organizations. By organizing certifications, comprehensive curriculums and free learning opportunities to develop employees and their security awareness, employees’ ability to recognize and respond to potential attacks will be enhanced.

Smart organizations should take an even more active role in engaging and uniting employees against breaches and security issues. Creating a culture of security advocates who are well informed and feel compelled to help protect the intellectual property of their employer is vital to long-term protection.

This can be enabled and promoted in various ways, including the use of fake phishing attempts or mock breaches to develop the security awareness of employees and their ability to recognize potential attacks.

This approach gives the individual more responsibility and accountability in preventing attacks so that everyone can contribute to shared goals of advancing and protecting the business and its culture.

Lastly and most crucially, any approach must be underpinned by the appropriate technology infrastructure to support and protect a modern, collaborative and mobile workforce, while ensuring data is safe within the data center. Without this foundation, any “security-minded” company culture will have its vulnerabilities.

When surveyed, 41 percent of respondents from the region stated that visibility into all business-critical applications and systems was critical for a successful security framework.

Core security pillars should include; identity and access, network security, app security, data security, and monitoring and response. Any technology deployed to support your business’ security needs should provide you with a view across the organization, the network, apps, data and down to an employee level to help ensure critical assets are secured to suit the demands of the modern workforce.

Employees will be able to work productively from anywhere, without security being compromised.

As workforces become increasingly mobile and the spotlight on cybersecurity evolves further, it’s clear that robust infrastructure is only fully effective when supported by proactive, educated and breach savvy staff.

To ensure companies and their teams can work effectively and productively from anywhere, steps must be taken so that staff are no longer considered a threat. This is very much within reach for all businesses and promises to be a key agenda item as cyber security continues to gain a presence on the international agenda and in our working lives.
___________________________

The writer has more than 18 years experience in IT industry in Indonesia. He is currently Citrix Indonesia country sales manager. The views expressed are his own.