Rediscover trust in cybersecurity | MIT Technology Review


The world has undergone tremendous change in a short period of time, and the world of work has changed with it. The new hybrid remote and office work world has had an impact on technology (especially cybersecurity) and shows that it is time to acknowledge how intertwined humans and technology truly are.

Supporting a fast-paced, cloud-driven collaborative culture is essential for fast-growing companies, helping them out-innovate, outperform, and outsmart their competitors. However, achieving this level of digital speed comes with a rapidly growing cybersecurity challenge that is often overlooked or undervalued: insider risk, when team members accidentally (or not) share data or files outside of trusted parties. Ignoring the intrinsic link between employee productivity and insider risk will affect the organization’s competitive position and bottom line.

You can’t treat employees like nation-state hackers

Insider risk includes any user-driven data breach (security, compliance, or competitive in nature) that endangers the financial, reputational, or operational well-being of the company, its employees, customers, and partners. Thousands of user-driven data breaches and leaks occur every day, and these incidents stem from accidental user error, employee negligence, or malicious users who intend to harm the organization. Many users simply make decisions based on time and reward, sharing and collaborating with the goal of increasing productivity, and create insider risk without meaning to. Other users create risk through negligence, and some have malicious intent, such as employees who steal company data to bring to a competitor.

From a cybersecurity perspective, organizations need to treat insider risk differently from external threats. For threats such as hackers, malware, and nation-state threat actors, the intent is clear: it is malicious. But the intent of employees who create insider risk is not always clear, even if the impact is the same. Employees may leak data by accident or through negligence. Fully accepting this fact requires a change in mindset for security teams. These teams have traditionally operated with a bunker mentality: under siege from the outside world, they keep their cards close to the vest so that the enemy cannot gain insight into their defenses and counter them. Employees are not adversaries of the security team or the company; in fact, they should be seen as allies against insider risk.

Transparency promotes trust: building a foundation for training

All companies want to keep their crown jewels (source code, product designs, customer lists) from falling into the wrong hands. Imagine the financial, reputational, and operational risk that could come from important data leaking before an IPO, acquisition, or earnings call. Employees play a pivotal role in preventing data leaks, and there are two key elements to turning employees into insider risk allies: transparency and training.

Transparency may seem at odds with cybersecurity. For a cybersecurity team operating with the adversarial mindset suited to external threats, it can be challenging to approach insider threats differently. Transparency is about building trust on both sides. Employees expect their organization to trust them to use data wisely. Security teams should always start from a place of trust, assuming that most employees’ actions have positive intent. However, as the saying goes in cybersecurity, it is important to “trust, but verify.”

Monitoring is a key part of managing insider risk, and organizations should be transparent about it. CCTV cameras are not hidden in public places. In fact, they are usually accompanied by signs announcing surveillance in the area. Leadership should make it clear to employees that their data movements are being monitored, but that their privacy is still respected. There is a big difference between monitoring data movement and reading all employee emails.

Transparency builds trust, and on that foundation the organization can focus on reducing risk by changing user behavior through training. Currently, security education and awareness programs are niche. Phishing training may be the first thing that comes to mind because it has been a success and has made employees think before clicking. Outside of phishing, there is not much training that helps users understand what they should and should not do.

First, many employees don’t even know where their organization stands. What applications can they use? What are the rules of engagement for those applications if they want to use them to share files? What data can they use? Do they have the right to access this data? Does the organization even care? Cybersecurity teams deal with a large amount of noise created by employees doing things they shouldn’t. What if you could reduce that noise by answering these questions?

Employee training should be both proactive and responsive. Proactively, in order to change employee behavior, organizations should provide both long and short training modules to guide users and remind them of best practices. In addition, organizations should respond with a micro-learning approach, using bite-size videos designed to address highly specific situations. Security teams need to learn from marketing and focus on delivering repeated messages to the right people at the right time.

Once business leaders understand that insider risk is not only a cybersecurity issue, but one that is closely tied to organizational culture and has a significant impact on the business, they will be in a better position to out-innovate, outperform, and outsmart their competitors. In today’s hybrid remote and office work world, the human factor in technology has never been more important. This is why transparency and training are essential to prevent data from leaking outside the organization.

This content is produced by Code42. It was not written by the editors of MIT Technology Review.


