Everyone Is Needed to Make Cybersecurity Matter. Why?
When it comes to cybersecurity, everyone needs to be part of the solution if we ever hope to slow the rising tide of cyberattacks
Nearly 4.5 billion people—about 60% of the world’s population—were actively online last year. Every one of these individuals conducted business, shopped, handled their finances or browsed for information using a computer, tablet, smartphone or some other connected device at home or work.
But while greater global connectivity brings a wealth of benefits, we often fail to recognize that all of these connected people pose a potential cyberthreat to themselves and those around them.
As consumers, we have reached an important crossroads; we want security professionals, high tech companies and government agencies to protect us from cyberthreats, yet we, too, bear responsibility for securing our connected systems and data. If we ever hope to slow the rising tide of cyberattacks, everyone needs to be part of the solution.
Cybersecurity Versus Data Privacy
In my role as Chief Information Security officer, I frequently find that one of the most misunderstood distinctions is between cybersecurity and data privacy, which intersect but are not interchangeable.
Cybersecurity focuses on protecting data from theft and breaches. Security of personal information is foundational to privacy, but privacy also governs how data concerning individuals are collected, shared and used. However, without security, privacy does not exist. Being mindful of data privacy considerations as we conduct online business is very important. But as consumers, we also need to understand our role in maintaining a secure ecosystem of connected devices.
As an example, we might click hyperlinks in emails from unknown people, opening the door to malware. We use simple passwords or fail to update them regularly, making it easier for hackers to infiltrate our devices. And at work, we assume the IT department has everything under control and don’t exercise as much caution as we should. As such, most security professionals say insiders—employees, partners and contractors—are the single largest cyberthreat to most organizations. In fact, according to a recent survey, more than 70% of companies are vulnerable to insider threats and user error is driving most of that problem. Whether you are an employee of a company or an individual seeking to prevent identity loss, recognizing your own role in security can help avoid these user errors.
Endpoints Under Assault
But having better digital hygiene is only half of the equation. Individual consumers and end users of technology at work also need to recognize that comprehensive data privacy and security isn’t just about protecting networks with firewalls, software and IT-enforced policies; it’s also about making security-minded purchase decisions for endpoint devices, such as laptops and printers.
In a new study, 68% of IT security professionals said the frequency of attacks against the endpoint devices under their watch has increased over the past 12 months. Ransomware attacks also picked up .
Consumers are directly affected as well. At least 7.9 billion credit card numbers, home addresses, phone numbers and other sensitive customer data were exposed through 5,183 data breaches during the first nine months last year.
This is likely to grow and magnify as connected devices continue to evolve and bind our lives to the digital world even more. For example, with speeds 100 times faster than current wireless technology, 5G networks are expected to catapult internet of things (IoT), smart city and autonomous vehicle technologies to new heights. It will also greatly expand the global threat surface by opening millions—possibly billions—more internet ports for hackers to poke, penetrate and pilfer.
Taking Insiders Into Account
There are no easy solutions for combatting rising threats. Most of us see the advantages of all the incredible technology coming our way and inadvertently overlook the need to protect ourselves against related threats, both at home and at work.
Companies can help by recognizing that employees are unlikely to change on their own. They can seek to build cybersecurity cultures, combining strong policies and procedures with ongoing education and training for staying digitally safe in the office, at home and while online remotely.
About 80% of organizations are already doing this on some level, according to an ISACA Cybersecurity Culture survey of about 4,800 international professionals. However, 95% of organizations say there is still a gap between their current and desired cybercultures. Until these endeavors become more successful, business leaders must make every equipment purchase decision a security decision.
One place to start is with network printers, which are every bit as vulnerable to cyberattack as PCs but are often overlooked. Only 16% of IT professionals see printers as high risks, according to a Spiceworks survey. It’s critical to only consider network printers with built-in features that can detect and even self-heal from malware.
Some PCs also come with built-in defenses, such as hardware enforced security features and layers of protection that function above and below the operating system to proactively prevent threats and quickly recover in the event of a breach. Features also exist that protect employees from clicking on the wrong things while surfing the Internet and integrated privacy screens keep information on their displays safe from prying eyes.
With cyberthreats becoming more prevalent, no organization should disregard the added safety these types of features present. Everyone, from business leaders to individual consumers, must come together to combat this threat or risk being overtaken by it.