Changing perceptions of cybersecurity in the workplace

The news, as ever, is packed with stories about failings in cybersecurity – and no sector is safe. According to a report by Big Brother Watch, more than a quarter of councils have had their systems breached in the past five years, 25 of which resulted in lost data.

But while the scale, severity and impact of these widely reported breaches differ, they all seem to have one thing in common: human error as the weakest point in security.

It’s a perception that stretches across every business. If end-users didn’t veer away from policy, circumvent protection and generally make their own rules, breaches would be a thing of the past.

Sadly, it’s just not that simple – and it’s time we all changed the level of responsibility we place on end-users.

Why cybersecurity training is essential

In the public sector breaches uncovered by Big Brother Watch, statistics showed that 75 per cent of councils don’t make cybersecurity training mandatory, while 16 per cent offer none at all. When users at the frontline of security are under-informed, there’s no doubt that better education could substantially decrease exposure.

Without the right training, users don’t think twice about clicking, downloading, or forwarding email attachments, documents and executables. From browsing websites to inserting USB sticks, they work on the assumption that if your network and endpoint security lets it happen, it must be safe. That is, until their data is encrypted by malware and their files are gone forever.

Of course, that’s what your attackers are counting on – that your users will do whatever appears to offer a new opportunity, a faster way of working, or a shortcut to getting things done.

The right training can embed a culture of security, encouraging users to be more discerning and naturally suspicious of every interaction. According to The Ponemon Institute, even the least effective anti-phishing training delivers a seven-fold return on investment.

But, just as your technical security needs to be layered and multi-faceted, even the best training in the world isn’t enough by itself.

Whose mindset should you be changing?

As we wrote recently, end-users certainly share responsibility for cybersecurity. But asking them to burden the weight of keeping all your systems safe is a big ask.

Education and awareness are critically important parts of your security posture. But assuming the right training will solve all your problems and eliminate all your risks is a dangerous mindset – perhaps even more dangerous than a few under-informed users could ever be.

For too long, cybersecurity has been perceived as a problem that can be solved with the right information and the right technology. As attacks become more widespread and more sophisticated, that perception needs to change.

Bromium: reframing the cybersecurity conversation

Until now, every form of protection for your systems has been built around the assumption that users need a strong cybersecurity understanding – and, if they don’t, you should improve that. A game-changing solution, Bromium Secure Platform takes a fundamentally different – and more effective – approach.

Built for the real world, Bromium Secure Platform users hardware-based micro-virtualisation to isolate applications from the wider workstation and network. Every file, email attachment, and browser tab is its own discrete virtual machine. If malware executes, it’s left to do its thing safely away from your infrastructure.

And, when your user is finished, the entire container is destroyed – malware and all.

It’s a revolutionary solution that’s designed to give users confidence – not ask them to become cybersecurity experts overnight.

Written by