A common misconception is that technology, such as a piece of software or a sophisticated firewall, is what constitutes the cyber security capacity of an organization. However, cyber attacks come in many forms, and technology alone cannot protect you. Effective and robust cyber security requires an information security management system built on three pillars: people, processes and technology.
A comprehensive study found that 1 in 2 employees is likely to open and read phishing emails, and 1 in 3 is likely to click the links in phishing emails (that may lead to the silent installation of malware/ransomware) or download attachments (KeepNet Labs, 2019).
Therefore, awareness training is the key to building the ultimate defence against cyber attacks.
Here is what an employee can do to help reduce successful cyber attacks:
These simple steps may reduce risk significantly.
Processes may include:
A company needs to follow a proper procedure to reduce the risk of cyber threats. Processes should define how the organization’s activities, roles and documentation are used to mitigate cyber security risks. As cyber threats keep changing, processes need to be updated as well.
Technology is crucial. However, it is only as good as the people who use it. Therefore, it is essential to use technology that meets your needs and that is simple yet effective for staff to manage. Overly cumbersome security systems are known for being short-circuited by impatient employees.
Various technologies are used for cyber security protection, such as firewalls and VPNs. However, the functionality of these components and the “hardening” of the system (changing settings to increase security, closing unused ports or turning off non-essential services) are just as important.
Alignment is key
The relative importance of these three pillars varies between companies. For example, a high-profile enterprise will have a higher risk of a targeted attack. Therefore, it should seek more advanced technical protection than a small company, which is more likely to be exposed to automated attacks.
Regardless of your company’s size, by adopting this three-pillar approach to your cyber security strategy and ensuring that the pillars are correctly aligned, you are far better prepared to meet the cyber threats of tomorrow.