5 Ways CISOs Can Spread Awareness about Cyber Security
By Sandeep Kamble
In these trying times we have moved much of our lives to virtual platforms: education, banking, retail, healthcare, learning, working, shopping and even virtual parties and festive get-togethers. Even as we get used to the new normal and move to this increasingly digital lifestyle, businesses and organizations continue to battle regular and grave cyber frauds and crimes, which leaves them extremely vulnerable.
As per an impact report released by Uni-commerce, India’s leading e-commerce-focused SaaS platform, titled ‘E-commerce Trends Report 2020’, e-commerce witnessed order-volume growth of 17% as of June 2020, and about 65% growth in single-brand e-commerce platforms. However, as of the first quarter of 2020, India also recorded a 37% rise in cyber-attacks. Risks like data leakage, connection to unsecured Wi-Fi networks, phishing attacks, ransomware, spyware and apps with weak encryption (also known as broken cryptography) are some of the common cyber threats plaguing us. Being the second-largest consumer of smart devices and a country with one of the largest bases of internet consumers, India remains a sitting duck, vulnerable to several national and international cyber-attacks.
The growing use of remote desktops and the work-from-home policies adopted by companies in the wake of the pandemic make it increasingly important for firms not only to create a robust cyber security infrastructure but also to spread enough awareness about the need for cyber security.
Some of the key ways in which CIOs/CISOs can spread awareness about cyber security among their stakeholders include:
Threat analysis: Given the lack of accurate information about and awareness of cyber threats, the first step to building cyber security awareness within a corporate ecosystem is to highlight the risk factors, the threats and the current cyber security analysis, covering the types of threats (including ones specific to the industry) and the grave consequences, which can include not just financial losses but also loss of credibility and, in some cases, life (in the case of health tech).
Training and education programs: A detailed training program that covers cyber security protocols, basic do’s and don’ts and how to be vigilant about the various cyber threats and frauds can go a long way in ensuring that employees are well aware of the gravity of the problem and play an active role in preventing cyber-attacks.
Ensure vigilance and ownership: Given the grave threat posed by online frauds, it is important to understand, and to convey to stakeholders, that awareness of cyber security, the steps needed to avoid attacks and vulnerabilities, and vigilance about online security are everyone’s responsibility. Cyber security is no longer the sole responsibility of a handful of IT team members or external vendors; it requires a vigilant and aware force of individuals to combat the online threat.
Make it a mandatory practice: A work environment that treats cyber security as a priority should be introduced. It should be a well-discussed topic, and those dealing with sensitive data exchange and financial transactions in particular should have cyber security as a major SOP and be well trained to follow the procedures. Apart from this, it is important for employees and stakeholders to be well aware of the specific threats to their line of business or industry sector, especially by comparing past incidents and observing market and cyber-attack trends.
Rewards and Recognition: This is one of the best ways of encouraging mindful action and transforming attitudes towards cyber security awareness. Acknowledging and rewarding responsible behavior creates seriousness and aspiration among employees to be more mindful and aware of their cyber security protocols.
Even as we try to deal with these threats, the types of cyber-attacks are also evolving, creating a more complex and advanced set of vulnerabilities. Threats ranging from basic phishing, ransomware and malware to social engineering, cloud vulnerabilities, attacks on smart devices, and data theft and fraud are jeopardising the fast-paced digital adoption across industries. While factors such as outdated systems or processes and an unorganised cyber security infrastructure also affect online security, lack of cyber security awareness is a major factor causing high-risk, high-vulnerability scenarios, something that needs to be addressed at the individual, organisation, industry and economy level.
(The author is Founder & Chief Technology Officer at SecureLayer7 and the views expressed in this article are his own)