September 6th, 2019
In this era of sophisticated cybercriminals and an increasing number of online security breaches, cybersecurity is incredibly important, and we are expected to prioritize it.
Unfortunately, sometimes this doesn’t happen. While some companies have security systems in place, others know what protocols to follow to avoid breaches yet opt to ignore security updates or warning signs. Why is this the case?
Here are some reasons why we ignore cybersecurity:
Lack of the Necessary Skills
Unlike cloud computing, where a vendor runs all the necessary operations on your behalf (like updating software, checking for malware and maintenance), with open source vendors you have to do everything yourself, or rather hire IT professionals to run the operations on your behalf. However, in some cases, companies, especially small businesses, lack the funds to hire a consultant or skilled personnel to effectively manage their cybersecurity.
This leaves the burden of ensuring that cybersecurity measures are implemented to non-tech savvy employees who tend to neglect updating their software and running system checks because either they don’t know how to, or they find it hard to operate these security protocols.
Lack of Organizational Willpower
For some organizations, the neglect can be a result of being change-averse. They refuse to adopt modern security technologies or upgrade to current platforms that would protect them from hacks because they believe that they will be difficult to operate or that their employees will fail to use them - defeating the purpose of installing them in the first place.
Additionally, some small businesses have their priorities set on foundational elements such as marketing, sales and product development instead of cybersecurity. It becomes increasingly difficult for the IT specialists in the organization to advocate for cybersecurity protocols if they rarely interact with the stakeholders to convince them of its importance. Businesses tend to focus on driving sales and may overlook the fact that one hack can be incredibly costly and can potentially erode all the profits they’ve made on investments outside of security.
Employees Lack Knowledge
Some companies have sound security systems in place; however, it’s only their IT staff that knows their importance in its entirety. Cybersecurity should be a joint effort by all employees in the company, especially with cyber threats like email phishing, scams, identity theft, social media hijackings and credit-card fraud. For instance, the Seagate Technology whaling scam, which resulted in a leakage of classified employee records, happened because an employee was tricked into opening an email seemingly from the CEO. If the employee had known what warning signs to look for, like the fact that such emails always appear in Spam mail, this could have been avoided.
Employees need to be educated on how to be the first line of defense against cyberattacks with cybersecurity awareness training. IT professionals should orchestrate false attacks using ordinary phishing, spear phishing and whaling phishing to see if employees will or will not open ‘suspicious’ emails, attachments and links. Then, provide employees with targeted training. The security awareness training should also cover browsing behavior to educate all employees about the dangers of using unsecured networks to do their work, along with the risks of opening unsecured websites and downloading apps and software from these sites.
Plain Old Negligence
Negligence can be attributed to the busy schedules of today’s workforce and can potentially lead to carelessness in opening deadly attachments or postponing malware and operating system updates for later, and then forgetting about them. For example, the WannaCry ransomware attack on the NHS could have been avoided if the organization had updated its Windows operating system, since the virus targeted a flaw in older systems which Microsoft had already patched in its updates.
Employees also dread frequently changing their passwords, ensuring that they have multi-factor authentication and running system maintenance and updates. When employees do not take the time to make these changes, they make themselves and their organizations vulnerable to cyberattacks and their repercussions: financial costs, loss of information and damaged reputation.