Blog Articles

The personal elements of organizational cybersecurity

Cybersecurity is a constant, overarching concern for a variety of private businesses and government agencies. No matter the specifics, a company must place the right level of emphasis on digital defense if it has valuable information and assets stored on hard drives or in the cloud.

Complete cybersecurity measures must involve staff as well as systems and processes

One way to view successful cybersecurity efforts is through a triangular approach. Namely, successful digital defense efforts include the right technology to defend against threats and intrusions; the right processes to share and examine information internally and externally; and the right people to drive decision-making efforts and, based on the situation, either use critical thinking skills to develop a response to a unique circumstance or commit to existing standards for a more run-of-the-mill attack.

"Even when a company has decided its digital defense efforts are satisfactory, leaders must still engage employees and emphasize best practices."


The unique issues facing people incybersecurity
The human element is unique in all forms of organization and systems planning - unlike a machine on the assembly line that performs the exact same motion repeatedly or a software program that consistently limits access to secure information, people are not constantly and immediately reliable. They must be involved in cybersecurity efforts not only when it comes time to implement new software and change the programs used during the workday, but also in educational and collaborative aspects before, during and after system upgrades. Even when a company has decided its digital defense efforts are satisfactory and plan few or no changes to those parts of the process, leaders must still engage employees, emphasize best practices, answer questions and clear up misconceptions.

The Wall Street Journal recently examined the issues found in large companies when it comes to employee involvement in cyber defense concerns. The piece points out that no training program or effort will ever lead to absolute, 100 percent compliance with best practices. That's not to say these courses and other reminders don't help, of course, as informed employees are less likely to make mistakes that put a business's digital assets at risk. However, a more disciplined and overarching approach is likely needed, combining training efforts for employees with technology designed to limit their exposure to potentially dangerous or malicious actors. Systems that monitor internal activity are also important to consider, the Journal reported, to prevent malware that has managed to enter a company's digital network from doing any further damage.

Methods and tactics showing greater variance
One issue noted in Verizon's annual "Data Breach Investigations Report" is increased variation in the ways hackers, malware and other threats enter secured systems. More sophisticated and complicated methods of attack arise each day, but cybercriminals aren't above using more basic or older approaches as long as they still work. Verizon's research also found the involvement of more people in such breaches, with 70 percent of attacks using a combination of techniques and involving a secondary victim, making the process significantly more complicated.

Protecting staff and digital assets
It's clear cybersecurity is a rapidly changing concern that needs to adapt to the limitations of employees - no matter how well educated or informed they are - and the variable nature of attacks used by criminals. When companies can strike a balance between security and the needs of staff to access and work with vital information while placing a premium on maintaining safe internal connections, they position themselves for success. NC4 Mission Center provides a secure platform for communication and collaboration while keeping the information exchanged safe from malicious actors outside the organization.


Back to Security Risks & Intelligence | Back to All Categories