Unmasking the human element in cybersecurity in a pandemic time

IMAGINE this: your company has a precious treasure to protect, the defences with the latest technology were set up.

However, the guards on duty were not informed of the treasure, neither were they provided the knowledge of how to navigate the defence systems.

Worse still, the guards did not recognise the treasure as something to be protected.

When the enemy came, they easily bypassed the guards, disabled the security systems, and stole the treasure, demanding a large sum of money in return for it.

In the context of cybersecurity for businesses, it is not difficult to guess which elements of the story represent the company data, cyber defences, employees and ransom, in the instance of ransomware.

While one might dismiss this scenario as silly or implausible, it is an increasingly pertinent issue many companies are facing.

While it is natural instinct for IT personnel to respond by fortifying their cybersecurity infrastructure in an attempt to contain the breach, this is not the end of it all.

When it comes to cybersecurity, non-IT personnel have been found to be a company’s weakest link.

Unfortunately, more needs to be done to ensure employees do not end up becoming a company’s Achilles’ heel.

The risk from within

For the first time ever last year, companies across the world rushed to pivot online as the pandemic spread across the world.

In a span of a few days, employees brought home their work, and as the weeks turned to months, employees got used to working from home – setting up conducive office spaces as a sense of normalcy returned.

However, in the midst of setting up office spaces, an important aspect of telecommuting was missed.

In a survey we conducted, around half of respondents had never worked from home before, and almost three quarters of them had not received any guidance or training when it came to cybersecurity awareness.

Over time, the physical workstation was all set, but there were gaps in how organisations provided employees with the basic IT knowhow and refresher on basic cyber hygiene practices.

While social distancing measures proved to stem the spread of the coronavirus among co-workers, somewhere in the cybersphere, these same employees – uninformed or plain careless – were potentially allowing malware and viruses to spread.

It might come as a surprise to some that employees are one of businesses’ largest vulnerabilities.

However, more than half of businesses believe their cyber risk stems from within.

The top three cybersecurity worries of a business are often related to employees or human error – sharing inappropriate data via mobile devices (47%); physical loss of mobile devices exposing the organisation to risk (46%); and use of inappropriate IT resources by employees (44%).

BYOD – Bring Your Own Dangers?

As employees continue adjusting to their home work environments, the divide between home and work blurs – more than half of those working from home admitted to watching adult content on the same devices they use for work purposes.

While not all employees might exhibit such behaviour to this extent, 49% of employees have admitted to using personal email accounts for work-related matters since working from home, and 38% use personal messengers that have not been approved by their IT departments.

This is the perfect recipe for cybercriminals to breach corporate data and devices. Moreover, in some instances, simply being connected to the same network could even put the most careful worker’s device at risk.

Some malwares, such as worms do not require human help to infect, self-replicate or propagate, but infect their entry point and spread through devices that connects to the same network.

It may be seemingly innocent for employees to cross-use between personal and work devices while working from home.

However, with 73% of employees not receiving any IT security awareness training from their employer since transitioning to working from home – this alludes to almost three quarters of remote employees blissfully unaware of the dangers lurking online.

Of cybersecurity incidents faced by businesses in the past 12 months, 11% of them involved careless employees and falling prey to phishing or social engineering attacks. The simple action of clicking on the “wrong” email actually sent by threat actors could lead to disastrous

effects of putting their company’s data or systems at risk. This could be avoided had there been proper training on how to behave appropriately and awareness of protecting the business.

During these times of remote working, when employees are spread across various locations in the country or even world, it is indeed a challenging task for IT personnel to ensure they continue carrying out their jobs well.

Ensuring the continued safety of a company will indeed take the combined efforts of all employees.

One of my favourite analogies regarding the prevention of potential cyber threats and to demonstrate the importance of businesses shoring up their cyber defences is simple: If you would never leave the front door of your house open all day with the possibility of someone walking in, think of your computers and cyber defences the same way.

Keep your network access and your systems tightly secured, and do not leave any opportunity for a cybercriminal to get in through open windows or doors.

No one is immune to cyber threats, nor can we prevent the instance of it from happening. However, good cybersecurity system can mitigate its impact or minimise any disruptions faced. – Sept 26, 2021


Chris Connell is managing director for Asia Pacific at Kaspersky.

The views expressed are solely of the author and do not necessarily reflect those of Focus Malaysia.

Subscribe and get top news delivered to your Inbox everyday for FREE