Intelligent CIO APAC Issue 14 | Page 45

CIO OPINION
• 35% who saved passwords in their browser.
• 32% who used one password to access multiple sites.
• 23% who connected a personal device to the corporate network.
Comprehensive and continuous risk assessment
In dealing with this risk landscape, a classic mistake has been to approach cybersecurity from the standpoint of individual endpoints. A better approach is to begin with a comprehensive and continuous risk assessment of the data and applications with which they are accessed. That’s actually what cybersecurity is designed to protect. Our job is to help reduce the risk to the organization’s business and help employees be successful.
There is another element which is often overlooked: employee education in cybersecurity issues. Educating users remains valuable, although human defenses can never be the whole story in a risk-based cybersecurity strategy. After all, it is exactly what cybersecurity teams have been trying to do with varying degrees of success for 20 or 30 years.
Looking at the survey data, just 44% of respondents received cybersecurity training in the past year (Australia/NZ 43%, Singapore/Malaysia 54%, India 64%, Japan 37%). This meant that more than half of the employees surveyed were left to cope alone with the fearsome threat landscape created by home working. Smaller organizations were the least likely to have given their staff cybersecurity training over the past year.
That doesn’t mean we should stop trying. Cyberawareness training must evolve into awareness, behavior and culture: a long-term, continuous cyber-education strategy. We still want better educated users to be able to identify risks and report them, even if they can’t always prevent incidents. The more people you have on the front line who are able to report risks, the earlier you will know about them and the better you will be at reducing them or preventing them from turning into cyber-catastrophes.
Background security controls
At the same time, we want to make sure that when users click on the wrong link, for example, the security controls in the background will detect potential risks. They should bring important information to the foreground that users need and report the incident for additional checks. The more we move security to the background, where we make security work automatically and seamlessly, the better it is for the user and the organization. We must make security usable and help the employee be successful.
It is not just enterprise users who connect to networks and introduce risk to an organization’s systems and