More than 90% of cyber-attacks involve a human attack vector. However, despite an emphasis on cyber security training for years, employees still don't consider cyber security to be their responsibility. That doesn't mean companies should play the blame game; it's time to change the narrative so that their employees, who are their biggest asset, don't feel criminalised.

Remote working

It’s clear the shift to remote work is not going away, and this poses security challenges. People can opt to log in from outside their employer’s network: from home, coffee shops, and flexible workspaces, virtually anywhere with a strong enough internet connection.

Unlike a centralised team, where you can physically lock down confidential information, remote working means sensitive corporate data like customer lists, financial information, and source code is now everywhere. Malicious actors are well aware of this, so it’s little surprise that 90% of cyber-attacks involve a human attack vector. 

Engineering security for employees

There's no doubt criminals will continue to try to exploit an organisation’s workforce. However, organisations need to remember that this is not the fault of employees; they are the victims. Organisations need to change the pervasive narrative, in which a company’s greatest asset, its employees, are made to feel criminalised, to one in which they are empowered.

Instead, organisations need to think about their responsibility to protect their staff. Employees might be in the crosshairs of hackers, but it's important that employees feel the company has their back. No matter what role an employee plays within the business, organisations should engineer security in such a way that it's easy for them to use, understand, and implement so that they can protect themselves.

Enhancing employee security with technology

There are various ways employees unintentionally put their organisation at risk, including browsing risky websites, downloading malicious files, accessing confidential data through unsecured Wi-Fi networks, or inserting USB sticks containing malware.

It's important to note that businesses need to be able to differentiate between what is malicious and what is accidental. Mixing the two could have disastrous consequences in terms of employee morale.

Human-centric approach

Instead of pointing the finger, organisations need to develop a more human-centric approach to cyber security; one which protects their networks and data while empowering employees to continue working without fear of being exploited.

Such an approach would give them the helping hand they need to discover risks, prevent data loss, and enable regulatory compliance while educating employees on the importance of cyber hygiene.

AI and machine learning 

Technology has a role to play here. For example, the advances in machine learning over the past five years mean that AI can be effectively deployed to augment and enhance employee behaviour, prompting them to make safer decisions as they work.

Used in this way, AI can protect employees from making mistakes and be used to advance cyber security by instructing employees in real time and adapting to the individual behaviour of each user.

Mindset shift

While this might be seen as a common-sense solution, it is not the path that many organisations are taking in security. By casting the employee in the role of a “rogue” in the network, organisations’ default approach to date has simply been to try and block and control the employee.

Companies need only refer back to the 90% figure earlier to see how ineffectual this approach has been, mostly because staff who just want to get on with their jobs will naturally find security makes things more difficult. That is why it is so important that the use of technology is coupled with a mindset shift: companies need to stop trying to stop their employees from getting on with their work.

Intelligence and context

AI has the additional benefit of generating data on employee behaviours that can be fed back into the system to improve their experience and also identify threats when they do occur.

This next-generation technology can be used to make sense of unstructured data across different platforms, tools, and networks, and can piece together a complete picture of what normal behaviour looks like, and what indicates risk. For example, if an employee’s credentials have been compromised and they are being impersonated on the network, the system will know.

Privacy implications

People may have perfectly understandable concerns regarding the privacy implications of this approach, of course. Although an organisation will have visibility into its network and will enjoy actionable intelligence as a result, the privacy of its employees must be protected by securing and anonymising their data. Employees themselves will benefit from such an approach, too.

Each time an incident occurs, they can receive appropriate security training, and real-time on-screen messages reinforcing their employer’s IT Security and Acceptable Use policies. Rather than spending time and money on classroom-based instruction, this instant feedback loop is an effective, time-efficient, and affordable alternative form of security awareness training.

Bringing employees into the fold

The narrative the cyber security industry has created around employees, presenting them as, at best, a liability and, at worst, a deliberate saboteur, has led to bad outcomes for both staff and the organisation.

It is beyond time that companies redirect the considerable resources they invest in blocking their employees towards tools that would help them. Risky behaviour will be more effectively mitigated with increased intelligence, productivity will increase, and employees will look more favourably at their employer.
