Building resilient teams with cybersecurity understanding is key according to internet security provider ESET.
Cybersecurity has become the most important consideration for any modern business. A majority of organisations inhabit the online world in some shape or form, and technology is at the core of most business functions.
With the COVID-19 pandemic acting as a catalyst for accelerated digitalisation across almost every industry, the pressure to be resilient and dynamic in the face of change has heightened.
ESET partnered with leading business psychology organisation The Myers-Briggs Company to explore the critical role employees play in keeping organisations safe from online threats, investigating the link between personality type and vulnerabilities to cybercrime.
They also examined the attitudes and experiences of over 100 Chief Information Security Officers on cybersecurity during the COVID-19 lockdown.
Cybersecurity challenges during COVID
Since COVID-19 lockdown in March, the world of work has changed dramatically in ways most people could not have envisioned. The result – mass implementation of remote working that has seen a heavier reliance on technology than ever before, and a resultant disruption of many businesses’ technology infrastructures.
Central IT systems have been substituted with a network of disparate individuals, all with a greater responsibility for their own technology use and cybersecurity needs. Not only does a fractured security system leave companies vulnerable, but employees’ confidence in handling cybersecurity is also a serious risk.
The cybersecurity landscape is constantly evolving and ESET’s research found that since lockdown began, cybercrime has increased by 63%, and businesses are right in the firing line due to their now dispersed workforces. Simple measures such as using a virtual desktop interface or requiring encryption for sensitive files can reduce the likelihood of a successful attack.
ESET’s research revealed that more than half of businesses did not have continuity measures in place for a potential pandemic before the COVID-19 outbreak, and while 80% said they did have a remote working strategy in place, only a quarter of businesses would consider their remote working strategy and operations plan effective.
If businesses are to thrive rather than just survive, a holistic cybersecurity strategy that takes individual personalities into account alongside a comprehensive endpoint software solution is crucial. With so much responsibility resting on employees all working from different locations, devices and networks, a self-awareness of positive cybersecurity habits and personalised cybersecurity training is essential.
Working from home
It was revealed that for 75% of companies, half of their business is being undertaken by employees who are working remotely that were not doing so before COVID-19.
Although employees will eventually return to the office, remote working in some form is here to stay. Remote working has brought flexibility, but it has also dramatically altered business processes and systems in order to cater to a distributed workforce.
Some of the baseline security measures taken for granted in the office must be compensated for at home, such as requiring home workers to use multi-factor authentication or a VPN to access internal networks. Reminding workers to enable automatic updates and check the security of their own Wi-Fi networks is also crucial as the first line of defence against cybercriminals.
When evaluating the challenges associated with employees who are working from home, 80% of companies said that an increased cybersecurity risk caused by human factors posed some sort of challenge.
In addition, 37% of companies said workplace digitalisation and the shift to online processing has been challenging. With the combination of fractured business IT systems and a lack of central security, a sudden shift to remote working and a global climate of stress and concern is the perfect breeding ground for a successful cyberattack.
Managing stress in a virtual world
In the report ‘Personality and stress in a virtual world’, The Myers-Briggs Company found that 47% of respondents were somewhat or very concerned about their ability to manage stress during the coronavirus crisis, with the economy going into a recession and the health of family and friends as key concerns.
This persistent undercurrent of stress affects different personality types in different ways, and manifests in the ways different people manage stress and respond to certain situations. Already stressed employees may be more likely to panic and click on a malicious link, or a lack of attention to detail may result in a security breach not being properly reported to IT.
Confident employees who are educated on cybersecurity best practice are the foundation of a resilient strategy. As ESET discovered from its Catphishing research, which looked at the cybersecurity habits of 2,000 employees in the UK, 69% of Brits say they are concerned about their cybersecurity but have no clue what to do about it, with 68% of 25-54-year olds and 55% of over 55s admitting to having concerns or worries about cybersecurity.
Although employees in the 16-24 age bracket worried less, this does not necessarily mean that they would be less likely to fall victim to an attack as complacency, a lack of skills, and shortfalls in training can leave businesses vulnerable.
If human error is responsible for a majority of cyberattacks, then businesses cannot ignore the impact of human traits and characteristics on employee cybersecurity habits. Cybersecurity has long been thought of as the responsibility of IT departments alone, but to build a holistic cybersecurity strategy that accounts for the human factor, IT and HR departments must work together.
Using psychometric testing and self-awareness tools, HR can help to identify the make-up of teams and pinpoint where potential vulnerabilities exist. IT teams can use this insight to create comprehensive security protocols and a proactive cyber strategy to stay one step ahead of potential threats.
Accounting for personality preferences can make cybersecurity training more engaging and effective – by delivering broader training at induction and following it up with regular check-ins and updates that are tailored to employees’ personalities, good cyber hygiene and security habits are more likely to be adhered to.
This is particularly important considering the move to mass remote working by many businesses. As IT teams have less visibility and physical access to individual employees, ensuring your workforce is properly educated on cybersecurity best practice is vital in protecting the entire organisation.
The cybersecurity landscape has evolved significantly in the past 12 months, as some threats have disguised themselves and resurfaced in various forms. At their core, most of these threats can be identified as malware or phishing; malicious attacks on organisations’ systems can be avoided when people understand themselves and are self-aware about what type of attack they might be vulnerable to. In doing so, organisations can be proactive in mitigating cyber risks.
You can download the full report at https://www.eset.com/uk/business/cyberchology/.
Since you’re here…
More than 30,000 readers per month enjoy the content we publish on PA Life. PA Life sits right at the heart of the PA and EA community, providing advice, profiles, How To guides, reviews and more.
We’d like you to be part of our community too and you can sign up to the newsletter, which is completely free of charge. As well as two weekly round-ups of the top stories, you will also have access to our bi-monthly magazine.
Click here to sign up to our newsletter.