Progressing with technology and best practices

CEO of Netassist, Hon Fun Ping, recently shared his views that cyber security is absolutely necessary for a business’ survival. This was followed by a statistic that over 85-percent of businesses will not work with an organisation that has been hacked or suffered a data breach.

“It’s more than compliance, it’s about survival,” Hon pointed out.

After this realisation sinks in, there is still the age-old question of where investments should go into  – technology or training. This is something only each organisation will be able to answer.

With this in mind, a paradigm shift needs to happen when it comes to balancing security and usability.

“Cyber security (solutions) shouldn’t hinder your company’s growth but enable it,” Hon said, giving the example of earthquake-prone Japan and their high-speed bullet trains. Passengers have peace of mind riding the bullet train because Japan has developed extremely good braking systems.

Drawing from this analogy, innovation and growth of a company shouldn’t be hindered, but rather it is enabled because good cyber security measures are in place to ‘apply the brakes’ before things begin to get awry and out of control.

“If I can convince you that I follow the best practices, you will want to do business with me, and in turn your customers will do business with you, when you convince them that you are safe,” Hon pointed out.

A IDC report discovered that cybersecurity services spending is expected to grow even up till 2020. But the rate of this spending will be slower than before.

All the technology in the world amounts to not much if there are no skills or user awareness to use these technologies correctly and/or  to the optimum.

Users are still the weakest link

Of all the productivity tools in an organisation, email is probably the one that every employee always turns to, to send official communications.

It is a communications medium that warrants attention from whoever that receives it, and even though responses aren’t in real-time like it can be with instant messaging, it is enough official enough that it also ‘authenticates’ the sender ie. you are probably an employee with Citibank, if your email domain says ‘Citibank’.

The bad guys know about how much trust a majority of us place in the email messaging system, and they have tried to exploit this trust for the longest time, with scams ranging from donations from Nigerian princes, all the way to sales on drugs with aphrodisiac properties.

Well, these blatant scams are becoming more and more targeted and devious.

At the same event, Barracuda Network’s regional sales engineer, Fadhly Hassim shared why securing the email gateway is still necessary but simply not enough anymore.  After sharing with the audience about the different ways the bad guys were leveraging a combination of attack techniques to compromise our email systems, Fadhly pointed out that while the network security perimeter collapsed in the early 2000’s, we are at a similar moment for email security.

Sadly, a global Barracuda survey revealed 84-percent of respondents sharing that poor employee behaviour is a greater email security concern compared to inadequate tools.

One hundred percent said that end-user training is important to prevent attacks while 98-percent agree traditional classroom-style education isn’t going to cut it and there are better ways to go about user training.

Fadhly pointed out, “Tech is not enough, it still boils down to the people.”

Sure enough, the same survey revealed 70-percent of IT professionals are more concerned about email security today, than they were five years ago.

This brings to mind Hon’s cautionary message about the progress of technology and businesses that are progressing with technology.

We want to be able to use all the latest and greatest to enable growth and innovation. But, all of this should not be at the expense of the confidentiality, privacy, and integrity of our data and information.