    The Weakest Link Is Your Strongest Security Asset

    By Christian Anschuetz, CIO & Security Practitioner, UL


    Despite Firms' Best Efforts, Security Vulnerabilities Are Increasing

    From the infamous Sony hack and other high-profile data breaches to Heartbleed, Shellshock and the new wave of mass mobile threats, 2014 was an historic (if woeful) year for cyber security. As a result, the topic of security is now center stage and firms are dramatically increasing their IT budgets to ward off often nameless, faceless attackers. Nevertheless, firms will continue to be vulnerable if they over-invest in technology while failing to engage their workforce as part of their overarching security solution.

    Over-Reliance on High-Tech Protections Undermines Security

    Firms are turning to modern technologies to protect themselves from becoming the next security breach headline. State-of-the-art firewalls protect network perimeters and secure remote access. Hardened applications, running on secure and patched operating systems, are increasingly defensible. Intrusion detection systems stand poised to alert firms when their protections have been compromised. While these are important tools to help counter cyber threats, history and data both show that bad actors are adept at going around technological barriers and going right after users.

    According to PwC, employees and corporate partners are responsible for 60 percent of data breaches. Verizon's research suggests the number is even higher, at almost 80 percent. These surprisingly high figures reflect in part a prevalent and dangerous myth, namely, that cyber losses are the result of attacks by technological geniuses who excel in dismantling sophisticated firewalls and circumventing other security measures.

    The reality is that, while external attackers can be highly intelligent, they typically gain access to critical information and systems by subverting well-intentioned humans. Phishing emails, links and attachments that look legitimate and even social engineering are the primary initial avenues past an organization’s defenses. Cyber evil-doers, like combatants on the battlefield, attack asymmetrically, avoiding hardened security surfaces and taking advantage of human weaknesses.

    Security Policies Often Weaken Defense

    What’s more, firms are often their own worst enemy. They chronically ignore the human element of security, often relegating efforts to engage employees to the technology-focused and stereotypically introverted staff members of IT and information security. Instead of elevating the topic of security as an organization-wide endeavor, firms put the unfair burden of protecting their company’s intellectual property on the shoulders of a group that is ill-equipped to grasp the totality of the threat. Technological defense, although important, is only one side of the coin. The responsibility of understanding and mitigating the human threat goes well beyond IT.

    Left in the wrong hands, cyber security manifests itself in burdensome and ineffective policy. Take typical password policies, for example. Setting a password policy to lock out after three tries is frustrating for users, and it almost never adds any incremental improvement in security. Making users change their password every 90 days is also folly, as it too fails to measurably improve security. These policies effectively lower a firm's security posture as users resort to writing down their passwords or finding other deleterious workarounds.

    And because many security departments are more worried about control than productivity, they don’t consider the unintended consequences of their policies. Disable USB ports? Good move, except now users move documents, often sensitive ones, via Google Drive. Disable print drivers? That also seems wise, except now users email documents to unsecured web-connected printers. Forced to choose between following disruptive and apparently irrational security directives and getting their job done, workers will find a way to be productive.

    Creating Security Habits Strengthens Defense

    The key to improving overall security is to elevate the topic to an organization-wide initiative, and to balance investment between technology and the education and engagement of the workforce. Pursuit of the imaginary “silver bullet” firewall is daunting in itself, so it’s no wonder firms cannot face the prospect of fundamentally changing people's behaviors. And given the relative ineffectiveness of traditional security awareness programs, it’s understandable why firms have largely ignored the human element.

    Understandable, yes, but a grievous mistake. Logically, if insiders are the source of the majority of the breaches, then developing a security acumen among the workforce stands to dramatically reduce an organization’s vulnerability.

    Some technologically well-protected firms, like Dow Chemical Co., engage their workforce through advanced security awareness programs that focus on targeted education. The most secure of these firms are creating “security habits.” By clearly defining desired behaviors, the firms help workers understand what they need to do, and why. By involving the workers in designing the security policies, the firms generate buy-in and support. Organizations that create the triggers, motivation, and even rewards (for example, recognition for forwarding, but not opening, a suspicious email) establish a secure operating model. If the organization’s leaders encourage employees and also visibly practice the desired behaviors themselves, then security can become a way of life in the workplace.

    To Strengthen Security, Start with the “Weakest Link”

    In The Art of War, Sun Tzu taught that attackers should "avoid what is strong and…strike at what is weak." This lesson has been well learned by today's cyber attackers, who are ruthlessly efficient in converting employees and corporate partners into unwitting allies. Good, smart workers are conscripted by attackers after being lured into opening an email attachment or following a dangerous link. If we change this paradigm and make our workforce an accountable part of the security solution, we will dramatically improve the defensibility of our firms.

    Copyright © 2019 APAC CIOoutlook. All rights reserved.
