Opinion | Want to avoid making headlines for being swindled? Secure people first

Hacking is no longer a cinematic fantasy. You need to prepare, anticipate, react
Mr X heads accounts at one of the world’s largest financial services companies. He gets emails from multiple vendors on release of payments, pitches and manages all the finances of the organization.
On a typical day, he is responding to at least 50 emails related to payments. On a Friday, when Mr X is mostly busy mapping assets and liabilities, he gets an email from the CEO, asking him to transfer $5 million to a bank account. In such a situation, what would you typically do? Mr X decides to transfer the money as the email clearly came from the CEO. But soon after, he realizes that he has fallen into a trap.
Mr X is not alone. Four of the five top causes of data breaches come down to human or process error. Take the example of Ubiquiti Networks, which fell prey to criminal fraud involving employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department. The scam led to the transfer of $46.7 million held by a Ubiquiti subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.
These mistakes happen when a company tells its employees about cybersecurity policies only at the time of hiring, instead of making it a continuous process. Organizations have to move beyond classroom training modules when it comes to cybersecurity, and focus more on practical sessions, snippets of videos that recreate real-world situations and showcase how popular social engineering and spear-phishing attacks happen.
Hacks not only affect an organization but our daily lives too. Our laptops and phones are privy to our most intimate thoughts and actions. Our technology knows us far better than our family and that is something that should worry all of us. We are nothing but a pawn in the grand scheme of things, and with our personalities altered and our behaviour monitored and used to further corporate and constitutional greed, isn’t cybersecurity something that becomes essential for the human race as a whole? Are we really independent or merely co-dependent on the internet?
Remember the movie WarGames from the 1980s, which inspired a generation of hackers? Hacking into your school’s Chemistry paper is one thing, but this 1980s kid hacker, Lightman, unintentionally accessed the War Operation Plan Response (WOPR), a US military supercomputer programmed to control America’s nuclear arsenal. Playing World War III has never been more dangerous, as Lightman takes on the role of the Soviet Union. Imagine the fallout.
Well, this is not cinematic fantasy anymore; it’s reality, and the world needs to prepare, anticipate and react, all in real time, to be able to build a safer world.
From basic spear-phishing attacks to orchestrated social engineering attacks, we have seen multiple situations in which people fall prey to attacks due to a lack of understanding. Often, organizations restrict their cybersecurity training to basic phishing tests, email security best practices and awareness sessions. Today, the digital landscape has evolved significantly, and the associated risk has grown with it.
So, how do you build an environment which is conscious about security? Here are a few ways:
Timing: Cybersecurity training has to be a regular feature covering different aspects of advanced threats and new tactics that employees should adopt to stay safe. It is crucial to adopt an online cybersecurity awareness platform, where employees of your organization can learn cybersecurity in the most interactive way. It is equally crucial to automate the “people pillar” to help organizations continuously monitor and improve cybersecurity awareness.
Gamify your training: Gamification of technology has been the latest talk in the tech arena, and when it comes to cybersecurity training, it can be extremely useful. Can you imagine the power of a platform that can evaluate cybersecurity learning by attaching a quiz to each of its five learning modules and quantify the cybersecurity understanding of your employees?
Get your leaders involved: C-suite executives are among the usual targets for phishing attacks. While it is important that you have your IT department or a vendor do the actual training, the intent needs to come from all stakeholders in leadership, management and the C-suite. Nobody is immune to cyber attacks.
Rahul Tyagi is co-founder of Lucideus, a New Delhi-headquartered enterprise cybersecurity solutions company.