Human factor: The blindspot in cybersecurity

By Alex Lim, regional sales director - SE Asia, channel & alliance director – APJ, Forcepoint.



As a major international centre for trade, finance and logistics, a cyberattack on Singapore’s network could potentially impact the wider regional and global economy. Despite the rapidly changing face of cyberattacks in this digital age, many logistics companies continue to rely heavily on traditional programmes and tools to tighten their security infrastructures.


With more stringent security features, one would think that these companies considered themselves protected from the ever-present cyberattacks lurking in the vast network. However, Forcepoint’s global Human Point report has revealed that only four per cent of cybersecurity professionals surveyed expressed satisfaction with their cybersecurity investments to date. The reason is that cyber criminals are increasingly turning their attention to attacks at the human level.


Unbeknownst to many end users, human behaviour can lead to cybercrime opportunities such as phishing and malware attacks where criminals employ unscrupulous tactics to gain access to critical business data. For instance, in 2016, a multinational logistics organisation in Singapore fell victim to a major cyberattack where perpetrators sent emails containing a third-party ad link. Employees who unwittingly clicked on the ad link enabled the successful installation of malicious software, granting perpetrators access to the critical business data. The incident has proven once more that defending against today’s cyberthreats can be an uphill struggle for any organisation.


This now begs the question: should organisations bolster their cybersecurity wall, or should they focus on protecting the points where their employees, critical business data and intellectual property (IP) come together and are most vulnerable?


In the age of digitisation, businesses today face a massive data sprawl. Critical business data is now spread across private and public cloud applications, emails and personal devices. Even though 46 per cent of respondents in Forcepoint’s global Human Point report have expressed concerns over the co-mingling of personal and business applications on smartphones and laptops, many employees continue to use these systems with limited corporate control when managing critical data during and after work. This has resulted in an increasing number of accidental data breaches, as most personal devices lack the security infrastructure.


The co-mingling of personal and business applications also subjects businesses to the misinformed decisions of their employees. From using social media platforms that lack security functions to opening dubious emails, employees are inadvertently providing cyber criminals with plenty of leeway for cyberattacks. With humans as the constant across technology use and cyberthreats, today’s security tools are simply not able to capture the best understanding of human behaviour and intent.


Traditionally, many organisations have treated cybersecurity primarily as a technology issue, with a focus on technical solutions that prevent cyberattacks. In the face of the massive data sprawl, it might be time to look at the human side of cybersecurity. There are many points where people interact with critical business data, ranging from email to social media to third-party cloud applications. Email, by far, was gauged to present the greatest threat. In fact, 45 per cent of respondents in Forcepoint’s global Human Point report named this as the top risk. Mobile devices and cloud storage were also deemed significant areas of concern.


To mitigate this risk, organisations should look at developing a holistic cybersecurity system that observes employees’ behaviour as they handle critical data or provides context to evaluate user risk. Besides analysing human intent, organisations will also need to realise the importance of continually educating their employees on the cyberthreats and the measures that they should take to secure themselves and the organisation.


Overall, securing technology infrastructure should no longer be considered the first line of defence to overcome cyberthreats. Understanding employees’ behaviour and intent could be the best bet in solving this technology or human-first dilemma of cybersecurity.