Rediscover Trust in Cyber Security | MIT Technology Review

In a short time the world has changed dramatically, and so has the world of work. The new hybrid world of remote and in-office work has implications for technology, especially cyber security, and signals that it’s time to acknowledge how interconnected people and technology actually are.

Enabling a fast-paced, cloud-driven collaboration culture is important for fast-growing companies that want to innovate, improve and outperform their competitors. Achieving this level of digital speed, however, brings a rapidly growing cybersecurity challenge that is often overlooked: insider risk, when a team member shares data or files outside of a trusted group, accidentally or not. Ignoring the underlying connection between employee productivity and insider risk can affect both an organization’s competitive position and its bottom line.

You can’t treat employees the way you treat nation-state hackers

Insider risk includes any user-driven data exposure event (security, compliance, or competitive in nature) that jeopardizes the financial, reputational, or operational well-being of the company and its employees, customers, and partners. Thousands of user-driven data exposure and exfiltration events occur daily, triggered by accidental user error, employee negligence, or malicious users intending to damage the organization. Many users create insider risk accidentally, simply by making decisions based on time and reward, sharing and collaborating to increase their productivity. Other users create risk through negligence, and some have malicious intentions, such as an employee stealing company data for a competitor.

From a cybersecurity perspective, companies need to consider insider risk separately from external threats. With threats like hackers, malware and nation-state threat actors, the motive is clear: it’s malicious. But the intentions of employees who create insider risk are not always clear, even if the impact is the same. Employees may leak information by accident or through negligence. Fully accepting this fact requires a change of mindset for security teams that have historically operated with a bunker mentality: under siege from the outside, holding their cards close to the vest so that enemies do not gain insight into their defenses to use against them. Employees are not the adversaries of a security team or a company. In fact, they should be seen as allies in dealing with insider risk.

Transparency feeds trust: Laying a foundation for training

All companies want to keep their crown jewels (source code, product designs, customer lists) from ending up in the wrong hands. Imagine the financial, reputational, and operational risk if material information were leaked before an IPO, acquisition, or earnings call. Employees play an important role in preventing data leaks, and there are two important elements in turning employees into insider risk allies: transparency and training.

Transparency can seem at odds with cyber security. For a cyber security team working with the adversarial mindset suited to external threats, dealing differently with internal threats can be challenging. Transparency is about building trust on both sides. Employees want to feel that their organization trusts them to use data wisely. Security teams should always start from a place of trust, assuming that most employees have a positive motive for their actions. However, as the saying goes in cyber security, it is important to “trust, but verify.”

Monitoring is an important part of insider risk management, and organizations should be transparent about this. CCTV cameras are not hidden in public spaces. In fact, they are often accompanied by signs announcing surveillance in the area. Leadership should make it clear to employees that their data movement is being monitored, but that their privacy is still respected. There is a big difference between monitoring data movement and reading all employee emails.

Transparency builds trust, and with that foundation an organization can focus on reducing risk by changing user behavior through training. At the moment, security education and awareness programs are niche. Phishing training is probably the first thing that comes to mind, because of the success it has had in moving the needle and getting staff to think before they click. Outside of phishing, there is not much training that helps users understand exactly what they should and should not be doing.

To begin with, many employees do not know where their organization stands. What applications are they allowed to use? What are the rules of engagement for those apps if they want to use them to share files? What data can they use? Are they entitled to that data? Does the organization even care? Cyber security teams deal with a lot of noise made by employees doing things they shouldn’t. What if you could cut down that noise just by answering these questions?

Staff training must be both proactive and responsive. To proactively change employee behavior, organizations should provide both long- and short-form training modules to instruct and remind users of best practices. In addition, companies should respond with a micro-learning approach, using bite-sized videos designed to address highly specific situations. The security team needs to take a page from marketing, focusing on repeated messages delivered to the right people at the right time.

Once business leaders realize that insider risk is not just a cyber security issue, but one that is closely linked to an organization’s culture and has a significant impact on the business, they will be in a better position to innovate, outperform and outsmart their competitors. In today’s world of hybrid remote and in-office work, the human component that exists in technology has never been more significant. That is why transparency and training are essential to keep information from leaking outside the organization.

This content was created by Code42. It was not written by the editorial staff of MIT Technology Review.
