The democratisation of technology has gotten us to where we are today. We’ve come a long way as the use of technology is no longer confined to the hands of IT experts and the uber-wealthy. When I say we live in an increasingly digital world, I’m talking about the mashup of impactful technologies from the phones in your hands to IoT to big data to the use of hyperscale cloud. Our lives are heavily impacted by these innovations as they become our tools to make the world a better place.
But that isn’t always the case. As we build these innovations to assist us, there will always be those who choose to weaponise that knowledge, and now we have to worry about both physical attacks and cyberattacks.
We are living in the fourth industrial revolution and that has made it impossible for us to revert to the times when humans were not highly dependent on technology. In the business world, technology has brought with it many advantages allowing for rapid growth and agility. But sustainability is hardly achievable without resiliency.
Security and resiliency are two different concepts that should be treated that way. While security means that you are hunkering down to defend your systems, resiliency implies that you are ready to fight back and have the means to recover after the attack.
Now the question is, how?
Nurture a Cybersecurity Culture
Though I’ve stated that security and resiliency are different, a cybersecurity culture encompasses both. To keep criminals out of our homes, we teach each member of the household basic measures such as locking the doors and windows at night, turning on the alarm system, etc. In the case that criminals do get in, we have equipped the members of the household with self-defence techniques and the number to call to reach the authorities. Cybersecurity culture is much like that.
A cybersecurity culture entails both the understanding of and active participation in cybersecurity measures by all members within an organisation - one where organisational members, no matter their position, are held responsible for their online activity and acknowledge the repercussions of their actions. It doesn’t simply mean creating a set of rules for the masses to follow but developing a healthy work environment where employees are well-informed, motivated and equipped to respond to cybersecurity risks. An organisation that successfully fosters a cybersecurity culture will benefit significantly from having employees excited about ensuring its safety, making it harder for cybercriminals to attack and more manageable for IT teams to defend.
In every aspect of life, discussing theory is always easier than turning ideas into actions. While some organisations have already begun inculcating the cybersecurity culture into their workforce, others are struggling to begin.
Assess and Plan – In the words of Sun Tzu, "Know your enemy." The first step to any successful endeavour is to understand the situation at hand thoroughly. Gauge your current cybersecurity posture and consult your cybersecurity team to create a comprehensive plan that is tailored to the dynamics of your organisation. Remember what may work for others may not be what is best for you.
Educate – It is essential to take the time to guide your employees through their responsibilities towards the organisation's cybersecurity. Education can be executed by elaborating the company's cybersecurity measures and illustrating good cybersecurity hygiene. This also includes teaching them how to respond once they detect a threat. There needs to be a good amount of visibility and transparency of your company's efforts to all employees.
Follow-Through – Incentivise your cybersecurity efforts with possible inter-departmental competitions. By including a game element, your employees will be motivated to adhere to the guidelines. Following psychological paths of positive and negative reinforcement, employees who fail to comply with the safety measures should be held accountable and face the established repercussions.
Invest – Don't be afraid to invest in your organisation's security, whether it be in the form of outside training or cybersecurity solutions; it will be well worth it in the end.
Ensuring the security of a company is no easy feat. It takes the cooperation of the collective organisation. It won't happen overnight but companies that are consistent in their efforts will be satisfied with the outcomes of their mission.
Resilience at all Avenues
With the help of the collective, much can be done but there is a reason why organisations have hierarchies that control the direction of the business. When making decisions about the operations of the company, leaders need to keep in mind that digital resilience is a business issue that needs careful consideration. Hence, budgeting for resilience should be seen as investing in an asset for the organisation as it can help propel you ahead of your competitors and keep your data safe, in turn, keeping your customers happy.
This includes auditing your resiliency while ensuring that you have identified and protected the most critical data. Resiliency has to be embedded into each business process and ingrained into every employee. It isn’t simply a solution you can deploy but a philosophy you must adhere to.
About Dr Dzaharudin Mansor
Dr Dzaharudin is the National Technology Officer (“NTO”) for Microsoft Malaysia. With more than 33 years of professional experience in ICT, he engages with key national technology stakeholders including academics and policymakers to contribute to national development. Passionate about technology, he works closely with academia, holding advisory positions at several universities.