Wazzup Pilipinas!
A new worldwide study cited by leading DDoS Mitigation service provider IPC reveal that a lack of skills among employees is a critical barrier holding enterprises back from implementing threat management more effectively.
Conducted by the CyberEdge Group and IPC’s cybersecurity services partner Imperva Incapsula, the 2018 Cyberthreat Defense Report's 1,200 respondents showed that lack of skilled personnel and low security awareness among workers are the top two barriers that inhibit companies from adequately defending themselves from cyber-attacks.
The study was conducted in organizations with more than 500 employees in countries across North America, Europe, the Middle East, Latin America, Africa, and Asia-Pacific (APAC). Some key findings in the APAC region include organizations in China and Japan leading all respondents in believing that they will be compromised by a successful cyber-attack this year, Chinese companies being the world’s leading victim of ransomware, and the position of IT security architect/engineer being the hardest to fill in Japan, China, and Singapore.
“Threats are constantly evolving and the chances of being attacked are increasing significantly as enterprises everywhere integrate new web-facing technology into their day-to-day systems. New types of attack methods are always emerging, and a single employee oversight can make or break a company. This study reveals how it is imperative to keep pace with the threat landscape as it evolves and continue educating ourselves on the latest attack methods,” said Niño Valmonte, IPC’s Director for Marketing & Digital Innovation.
Human error, negligence as top risk
The revelation that the lack of employee skills is a main inhibitor to effective cybersecurity is in line with the study’s other findings. When asked on what type of attack companies are most concerned with, the respondents’ answers revealed that the top three are Malware, Ransomware, and Phishing — threats that commonly enter a computer through the negligent actions of the user.
These three attacks are often spread through spam emails that contain malicious attachments. Opening the email will end up installing the threat into a computer. What’s more devastating about this is that once installed, most of them are programmed to automatically send themselves to the mailing list of an infected computer, thereby spreading itself further. Other common sources of the top three cyber threats are malicious files hidden inside downloaded files and software, and through a method called drive-by downloading, which occurs when malicious programs are automatically downloaded by visiting an infected website.
“Cybercriminals often use trickery to get people to unknowingly download malicious files. This can be an email with a file attached that tells you it is a receipt for a delivery, a new tool for a web browser, or even a bogus antivirus program that has malware hidden inside. These are just a few examples of how attackers can infiltrate a network that every company and its employees must know about,” said Valmonte.
Making cybersecurity education a priority
In order to avoid these threats, IPC recommends that businesses conduct constant training in order to instill the right skills, awareness, and the “cybersecurity culture” required in workers to fight against new and evolving threats.
“Cybersecurity education needs to be an integral part of the workplace culture, it doesn’t mean hosting a one-time course or seminar, it means making security a collaborative, continuous cultural initiative that will take up a lot of time but is a good investment in the long run with the fate of a company at stake.”, Valmonte adds.
According to IPC, organizations must first ensure that Cyber Security Education awareness and organizational security procedures are well established not only through periodic vulnerability assessment of their network and critical systems, but also in the mind-shaping of employees’ right from the induction and training process. In line with this, Valmonte recommends executives and middle managers to foster a culture of workplace security by talking to their respective teams about the following as a start:
● Practices in keeping a computer clean, including sensibly limiting the programs, apps, and data that can be downloaded and installed, and speaking up whenever a computer exhibits strange behavior;
● Using long, strong passwords that has the combination of uppercase letters, lowercase letters, symbols, numbers, and changing them routinely;
● Recognizing and deleting email messages with suspicious subject lines and links;
● Constant and consistent backup of files and/or applications;
“By starting with these steps, a company can already drastically reduce the installation of malicious programs within their network,” said Valmonte.
Ross is known as the Pambansang Blogger ng Pilipinas - An Information and Communication Technology (ICT) Professional by profession and a Social Media Evangelist by heart.
The Cybersecurity Act of 2009 is an abomination. For years, the feds have been fretting over the Internet and its ability to connect everyone from average, Best Free Plagiarism checker available.
ReplyDeleteThis article is helpful for me, very elaborate and intersting article. There is a need to fight against evolving threats.
ReplyDeletehttp://safe-norton.com/
Connect-i is an exceptional provider of advanced penetration testing services for multinational corporations. As a cybersecurity professional, I have had the opportunity to utilize their services and I must say, the experience has been nothing short of outstanding, look more details on https://www.technotification.com/2023/07/explore-connect-is-advanced-penetration-testing-services-for-multinational-corporations.html.
ReplyDeleteFrom the moment I engaged with Connect-i, their team demonstrated a high level of expertise and professionalism. They took the time to understand our specific needs and tailored their services accordingly. Their attention to detail and commitment to delivering top-notch results was evident throughout the entire process.
The comprehensive reports provided by Connect-i were incredibly detailed and easy to understand. They not only highlighted the vulnerabilities discovered but also provided clear recommendations on how to mitigate them. This level of transparency and guidance was invaluable in strengthening our cybersecurity posture.
Furthermore, the level of communication and collaboration with Connect-i was exceptional. They were always available to address any questions or concerns we had, and their prompt response time was commendable. Their team went above and beyond to ensure that we were fully informed and involved throughout the entire testing process.
In addition to their technical expertise, Connect-i also demonstrated a deep understanding of the unique challenges faced by multinational corporations. They were able to navigate complex organizational structures and work seamlessly with our IT teams across different locations. This level of adaptability and flexibility was crucial in ensuring a smooth and efficient testing process.