Training converts employees from threats to benefits
by: TEKsystems on Nov. 27, 2012
Employees are the lifeblood of any organization and can often make the difference between a company being successful and secure or inefficient and compromised. If decision-makers want the former, they need to implement advanced IT training programs that educate users on the sophisticated cybersecurity landscape and how individuals can make a difference in safeguarding mission-critical assets.
Insiders can be just as serious a security threat as hackers and cybercriminals, as negligent or malicious employees can easily sabotage an organization's security strategy, whether on purpose or by accident. This was highlighted in a recent report by Dark Reading, which said executives can take initiative and change how much of a risk their workers pose.
"A determined attacker is going to get into your network. Who is going to report it, how are they going to respond - those are the questions that you need to ask," said Jayson Street, a penetration tester for Stratagem 1 Solutions, according to Dark Reading. "It's time to think of your employees as the biggest human intrusion-detection system."
Establishing an effective strategy to educate these individuals, however, is all in the approach.
Changing user behavior is a necessity
The only real way to ensure employees transition from a threat to an asset is to change their fundamentals, Dark Reading noted.
A separate study conducted by the Ponemon Institute and Symantec revealed that insiders continue to pose a serious risk to organizations, especially as more companies adopt cloud computing and bring-your-own-device (BYOD) programs. The survey found that negligent insiders were responsible for 39 percent of data breaches.
"The status quo doesn't work," said Aaron Cohen, managing director at security training firm MAD Security, according to Dark Reading. "People look at buying hundreds of firewalls but not spending the appropriate amount of money training their employees or making sure their employees know how to protect their assets."
Learn lessons from mistakes
As is the case with everything, practice makes perfect. Companies of all sizes are bound to experience data breaches, especially as the cyberthreat landscape evolves and becomes more menacing. For this reason, decision-makers should accept the inevitable and use breaches as a training tool to educate individuals about which security-related IT services could prevent similar situations from happening in the future, Dark Reading noted.
With the right training, employees can react to an incident faster and more effectively, reducing the damage a breach can cause.
"We've seen companies where it's a three-month cycle to detect an attack through technology, where a properly trained employee who voices [his] suspicions can lead to detection in about 10 minutes," said Scott Greaux, vice president of product management for PhishMe, according to the news source.
While there is no longer any doubt that the digital landscape is becoming more dangerous, especially with the consumerization of IT in full swing, this does not mean companies should simply keel over and accept that an inevitable breach will run them dry. With the right mindset and IT training programs, employees can become true security assets to an organization, rather than ongoing threats decision-makers need to constantly worry about.
In the coming years, executives will need to deploy innovative techniques to stay competitive with rival firms without adopting technologies that could inadvertently expose confidential resources. Educated employees can be the fundamental difference between a secure firm and a vulnerable organization. What are some steps your company has taken to minimize insider threats?