TECHNOLOGY

Rediscover confidence in cyber security MIT Technology Review


In a short time the world has changed dramatically – and so has the world of work. The new hybrid remote and in-office work world has an impact on technology বিশেষ especially cybersecurity-and indicates that it’s time to acknowledge how much people and technology are truly connected to each other.

Activating a culture of fast-paced, cloud-driven collaboration is important for fast-growing companies, their position to innovate, outperform and outperform their competitors. Achieving this level of digital speed, however, comes with a fast-growing cybersecurity challenge that is often overlooked or overlooked: internal risk, when a team member accidentally বা or non-trusted party বাইরে shares data or files outside. Ignoring the underlying connection between employee productivity and internal risk can affect both an organization’s competitive position and its bottom line.

You can’t treat employees the way you treat country-state hackers

Internal risks include user-driven data exposure events নিরাপত্ত safety, compliance, or competitive nature যা that endanger the financial, reputation, or operational well-being of a company and its employees, customers, and partners. Thousands of user-driven data exposures and exfoliation events occur every day, including accidental user errors, employee negligence, or malicious users willing to harm the organization. Many users accidentally create internal risks, making decisions based only on time and rewards, sharing and collaborating to increase their productivity. Other users create risks due to negligence, and some have malicious intent, such as an employee stealing company information and bringing it to a competitor.

From a cyber security perspective, companies need to deal with internal risks rather than external threats. With threats like hackers, malware and nation-state threat actors, the motive is clear – it’s malicious. But the intent of employees to create internal risks is not always clear এমনকি even if the impact is the same. Employees may leak data due to accident or negligence. To fully accept this fact requires a change of mindset for security teams who have historically worked with a bunker mentality মধ্যে in blockades from the outside, keeping their cards close to the West so that the enemy cannot gain insights into their defenses to use against them. Employees are not an opponent of a security team or a company – in fact, they should be seen as collaborators in dealing with internal risks.

Transparency enhances confidence: Laying a foundation for training

All companies want to end up with their crown jewel-source code, product design, customer list in the wrong hands. Think of the financial, reputational, and operational risks that result from leaking material data before an IPO, acquisition, or earnings call. Employees play an important role in preventing data leaks and there are two important elements in making employees an internal risk ally: transparency and training.

Transparency can be at odds with cyber security. For cyber security teams who work with a hostile mindset suitable for external threats, it can be challenging to deal with internal threats differently. Transparency is about building trust between both parties. Employees want to feel that their organization trusts them to use data wisely. Security teams should always start from a place of trust, assuming that most employees have positive intentions in their actions. But, as has been said in cyber security, “believing, but verifying” is important.

Monitoring is an important part of internal risk management, and agencies should be transparent about it. CCTV cameras are not hidden in public spaces. In fact, they are often accompanied by surveillance signs in the area. It should be clear to leadership staff that their data movements are being monitored কিন্তু but their privacy is still respected. There is a big difference between monitoring data Movement And read all employee emails.

Transparency builds trust — and with that foundation, an organization can focus on reducing risk by changing user behavior through training. At the moment, safety education and awareness programs are special. Phishing training is probably the first thing that comes to mind because it has moved the sweetie and the staff can think before they click. Aside from phishing, there is not much training for users to understand exactly what to do and what not to do.

For a start, many employees don’t even know where their companies stand. Which applications are they allowed to use? If they want to use them to share files, what are the rules of engagement for those apps? Can they use data? Do they deserve that data? Does the company care? The cyber security team deals with a lot of words made by employees that they should not do. What if you could reduce that noise by answering this question?

Training staff must be both active and responsive. To actively change employee behavior, organizations should provide both long- and short-form training modules to instruct and remind users of optimal behavior. Additionally, organizations should respond with a micro-learning approach using bite-sized video designed to address highly specific situations. The security team needs to take a page from marketing, focusing on repetitive messages delivered to the right people at the right time.

Once business leaders realize that internal risk is not only a cyber security issue, but it is also closely linked to the culture of an organization and has a significant impact on business, they will be in a better position to innovate, outperform and outperform them. Competitors today Hybrid remote and in-office work world, The human element existing in technology was no more significant than this. That is why transparency and training are essential to protect information from leaks outside the organization.

This content has been generated by Code42. It was not written by the editorial staff of MIT Technology Review.



Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button