In the last 10 years, the evolution of technology has led to an increase in connectivity both at home and at the workplace, and processes have never been more efficient.
Consumers can make purchases from their mobile phones; employees can access relevant company data from their laptops and perform work duties even if they are at the other end of the world (of course, they should already have been granted privileged access in the first place).
The increased connectivity has brought along numerous benefits to civilization. However, it has also given rise to increasingly complex cyberattacks - high-profile cases such as the WannaCry Ransomware and SingHealth Data Breach have demonstrated just how devastating the consequences of a cyberattack could be. To curb this, security vendors are constantly rolling out new and updated security solutions, each more complex than the last. Some enterprises have also started setting up “Purple Teams” within their internal security teams to improve communication between the Red Teams and Blue Teams, with the eventual goal of upping the company’s defences.
It is largely true that a lot of the security measures implemented in organisations fall on the shoulders of the IT teams and Cyber teams. But that’s not where it ends. As a head-hunter for the Cybersecurity/Information Security space, I’ve had the opportunity to connect with numerous amazing experts in this space and gained many insights. What I came to notice is that the culture around cyber-awareness here in Singapore is still not growing fast enough. Many of these cybersecurity leaders agree that to create and maintain an effective defence mechanism against cyber-attacks, the job does not lie only with the security team - the rest of the staff in the organisation have a key role to play as well. Taking the SingHealth Breach as an example, investigations found fundamental failings to be the root of the problem, of which two actually lie with the people - staff who were not vigilant and fell for phishing attacks, and weak passwords.
The biggest cyber risk in an organisation isn’t the adversary, but the people. Employees who are oblivious or ignorant of basic security practices could become the weakest link for hackers to exploit. Phishing emails are one of the most prevalent and well-known modes of cyberattack, and people still fall prey to them. Social engineering is another method that has proven to be lethal as well. No matter how robust the security systems are, threats still get through because of human error. This is where culture comes into play. It is imperative for the business culture to change in order to promote cybersecurity awareness. The management is responsible for ensuring regular training of employees, preparing them with the right knowledge so that they are more vigilant and aware. Employees, on the other hand, should ensure they apply the knowledge acquired through training, and help bring up the level of cyber-awareness within the organization. This is no mean feat – it takes time, is tedious and everybody has a part to play, but it is necessary.
In the meantime, you can play a part in improving your own cyber awareness by trying out this fun phishing quiz, created by Google Jigsaw, at the link here: https://phishingquiz.withgoogle.com/ (Kudos to Brian Hansen for sharing this with me). It’ll give you a brief idea of what to look out for, and help you identify whether that email about payment from your client is the real McCoy. This link may look phish-y, but it’s not – it’s a legitimate site.
As always, I am recruiting for Cyber Security / Information Security, Technology Risk and IT Audit professionals in Singapore, so if you would like to explore job opportunities in this area or just have a chat about the current landscape, feel free to contact me for a confidential discussion.