These are the questions that contribute to sleepless nights for business leaders. Executives constantly grapple with cybersecurity risk — the threats, vulnerabilities, tools, solutions and the stakes. Understandably, they tend to look to the IT department, the primary protector of corporate networks and data, for answers.
After all, cybersecurity is a technology issue, right? At least that’s how most organizations view it — next-generation firewalls, anti-virus software, intrusion detection solutions, orchestration tools and credential management technologies.
Active cyber defense is a technology game, and businesses will play it to the tune of $96 billion in 2018, according to research firm Gartner. Each individual business will also buy many cybersecurity products. Gartner predicts that 60 percent of cybersecurity spending this year will include the purchase of multiple tools.
The short answer is no. According to PwC’s Global State of Information Security Survey, cybercrime keeps growing despite the increased spending on security technology products and services. Since 2011, U.S. businesses have seen a 60 percent compound annual growth in cybercrime.
What can businesses do to realize a return on their cybersecurity investment? A modest investment in cybersecurity awareness and education for employees can transform your workforce into a highly effective line of cyber defense.
More often than not, a cyber breach is facilitated by an employee. According to London-based Willis Towers Watson’s review of historical claim data, 90 percent of all cybercrime claims stemmed from some type of human error or behavior. Considering that a relatively minor oversight — like clicking on a phishing email or scribbling a password on a piece of scrap paper — can lead to a major breach, programmatic training and employee communication can make a big difference.
With cyber permeating every aspect of the enterprise, cyber risk is everywhere. Employees can be very effective cyber sentries against this risk, but they need to know what to do, what to look for and how to report what they see.
Business leaders can build this people-powered capability through constant communication, including regular reminders to be vigilant and use best practices for both data privacy and network security, as well as delivering continuously evolving micro-training content to educate workers on common and current exploits and how to recognize them.
In the most successful businesses, each employee understands the role he or she plays in the profitability of the business. The same applies here. Each employee plays a critical role in their organization’s cybersecurity, and the more employees understand that role and what’s at stake, the more secure the organization will be.
Build a culture of cybersecurity in your organization. Embed it in your corporate culture to ensure awareness and understanding throughout your workforce. Don’t rely solely on technology. In the face of relentless and sophisticated cyber adversaries, put the human element to work protecting networks and information with a cybersecurity mindset that pervades the organization and is ingrained in every employee.
The next innovative cybersecurity technologies and new hardware and cloud products with “baked in” security are just around the corner, but your organization’s people and their behavior are the real key to security.
This article was originally published in the Baltimore Business Journal.