Australia is recognised as being one of the most technologically advanced countries in the region, with an increasingly mobile workforce helping to foster a more agile and productive business landscape.
However, alongside these innovations in working practices is a rising number of cyberattacks – for example, the recent spate of ransomware breaches, from WannaCry to NotPetya, which have crippled multinational corporations, including those in Australia.
Research suggests that businesses operating in Australia are nine times more vulnerable to cyberattacks than other Asian economies, and there was a 109 per cent increase in the number of detected security incidents in Australia in 2016 compared to the previous year, according to PwC’s latest Global State of Information Security Survey.
In a business environment where breaches are becoming more frequent and increasingly sophisticated, organisations in Australia are investing in more robust infrastructure to protect their data, assets and reputation. From advanced machine learning and artificial intelligence to cloud-based monitoring and analysis technologies, companies are investing heavily in the latest and most effective safeguards. Yet the effectiveness of these solutions is increasingly dependent on one often overlooked business commodity – employees.
With the rise in BYOD and flexible working, employees are often the biggest threat to safeguarding a company’s data and IP against cyber criminals. Staff negligence and indifference to IT policy are among the most significant inhibitors to cloud security. Further, there is a clear lack of security understanding. Almost two-thirds of companies cite employees’ “lack of cyber security knowledge” as the biggest inside threat, and only one in ten Asia Pacific companies fully understands how cyberattacks are performed.
In recent research undertaken by The Ponemon Institute for Citrix, “The Need for a New IT Security Architecture: Global Study”, over half (60%) of respondents stated that employees and third parties bypass security policies and technologies because they are too complex.
This lack of education and awareness is leading to two types of companies emerging – one that knows it has been hacked, and one that does not. If individual employees are not fully aware of how breaches occur and do not take steps to not only protect IP, but also monitor and alert managers about cyber issues, the door is continually left open for cyberattacks. After all, it only takes one unpatched computer for an attacker to gain access to a network, and the compromise can then spread to other systems like wildfire.
What can organisations do to allow staff to work the way they want to, while ensuring confidential data and competitive IP is safeguarded in the data centre? How can they promote a resilient and active security culture, while empowering staff with knowledge and education?
1. Embedding security into everyday operations
Firstly, security needs to be embedded into the day-to-day running of the business to ensure it stays front-of-mind and becomes ingrained in core business processes. It’s the ‘human firewall’ effect, whereby employees become integral to the security solution rather than part of the problem.
As such, security policies should be developed collaboratively across the company from the top to the bottom, with input from as many stakeholders as possible playing an equal part. Regular training is also best approached on a collective basis and should be more than one standard session per year.
Some organisations take this approach one step further, developing fake phishing emails and distributing them to staff, to alert IT teams to more susceptible employees. Identified employees can then be enrolled in additional training on how to spot a sophisticated scam.
Employers have a duty of care to arm all employees with the necessary tools, guidance and training to protect their organisations. Organising certifications, comprehensive curriculums and free learning opportunities to develop employees and their security awareness will enhance employees’ ability to recognise and respond to potential attacks.
2. Adopting a hearts and minds approach
Taking it a step further, smart organisations should take an even more active role in engaging and uniting employees against breaches and security issues. Creating a culture of security advocates who are well informed and feel compelled to help protect the intellectual property of their employer is vital to long-term protection.
This can be enabled and promoted in various ways, including the use of fake phishing attempts or mock breaches to develop the security awareness of employees, and their ability to recognise potential attacks.
These mock attacks are a highly effective tool: firstly as a test bed to gauge the level of vulnerability of your organisation, and also as an interactive way of educating employees on best practice and safe behaviours, and of motivating team members.
This approach gives the individual more responsibility and accountability in preventing attacks, so that everyone can contribute to shared goals of advancing and protecting the business and its culture.
3. Having a holistic view of security across the network: Securing data from the bottom up
Lastly and most crucially, any approach must be underpinned by the appropriate technology infrastructure to support and protect a modern, collaborative and mobile workforce, while ensuring data is safe within the data centre. Without this foundation, any ‘security-minded’ company culture will have its vulnerabilities.
When surveyed, 44 per cent of respondents from Australia stated that visibility into all business-critical applications and systems was critical for a successful security framework. Core security pillars should include: identity and access, network security, app security, data security, and monitoring and response.
Any technology deployed to support your business’ security needs should provide you with a view across the organisation, the network, apps, data and down to an employee level to help ensure critical assets are secured to suit the demands of the modern workforce. Employees can then work productively from anywhere, without security being compromised. These solutions also deliver access from a centralised system, while addressing privacy, compliance, and risk management mandates.
With the ongoing spotlight on cyber security and threats constantly evolving, coupled with an increasingly mobile workforce, it’s clear that robust infrastructure is only fully effective when supported by proactive, educated and breach-savvy staff.
The time to act is now, with 72 per cent of respondents to the Ponemon Global IT survey from Australia stating that it’s time for a new security framework. These respondents also called for the number one goal of this new framework to be ‘a unified view of users across the enterprise’ (50%).
To ensure companies and their teams can work effectively and productively from anywhere, steps must be taken so staff are no longer considered a threat. This is very much within reach for all businesses and promises to be a key agenda item as cyber security continues to gain a presence on the international agenda, and in our working lives.
Citrix (NASDAQ:CTXS) aims to power a world where people, organizations and things are securely connected and accessible to make the extraordinary possible. Its technology makes the world’s apps and data secure and easy to access, empowering people to work anywhere and at any time. Citrix provides a complete and integrated portfolio of Workspace-as-a-Service, application delivery, virtualization, mobility, network delivery and file sharing solutions that enables IT to ensure critical systems are securely available to users via the cloud or on-premises and across any device or platform. With annual revenue in 2016 of $3.42 billion, Citrix solutions are in use by more than 400,000 organizations and 100 million users globally. Learn more at www.citrix.com.