Two words: “Secure workforce”: Every employee has a role to play in cybersecurity

To protect businesses from cyberattacks we need to address the human factor in cybersecurity.

By Sara Downey, Research and Insights editor, Dell Technologies

We’re reaching the end of Data Privacy Week. During this week, governments, parliaments, national data protection bodies and other actors raise awareness about the rights to personal data protection and privacy. It’s important work and arguably should be done every day.

Protecting privacy isn’t just a corporate responsibility. Employees also need to be more vigilant. In fact, company efforts will fail if employees don’t become savvier too.

They need to be better at spotting a phishing attack, know how to securely use VPN, lock down their home network, and heed data protection regulations. It’s one thing to know about General Data Protection Regulation (GDPR), for instance; it’s quite another to change their practices accordingly.

Why the urgency? Because hackers are becoming more audacious, and they’re using state-of-the-art technology to outsmart their targets and steal companies’ data. What’s more, they don’t just rely on clever code to break into systems; they also surveil and exploit human complacency or uncertainty.

From our chief security officer…

To drive home the message, John Scimone, senior vice president and chief security officer at Dell Technologies, recently told MIT Technology Review Insights that “security is everyone’s job.” And building a culture that reflects that is a priority because cyber-attacks are only going to increase. He explains, “As we consider the vulnerability that industry and organizations face, technology and data are exploding rapidly, and growing in volume, variety, and velocity.”

In fact, the sudden shift to remote work exposed companies further. Scimone noted that with the pandemic, we saw an increase in risk, with employees using their corporate laptops and corporate systems outside of their traditional security boundaries: “In reality, many organizations were never designed from the get-go to think about a mass mobility remote workforce.”

With increased exposure to risk comes the specter of greater damage to businesses. Scimone continues, “I would have to say that ransomware is probably the greatest risk facing organizations today.”

And while ransomware isn’t a new threat, it is compounded by the shortage of cybersecurity experts and white hat hackers. Scimone explains, “We view the lack of cybersecurity professionals as one of the core vulnerabilities within the sector. It’s truly a crisis that both the public and private sectors have been warning about for years.

“As we look forward, we estimate we’ll need to increase talent by about 41% in the U.S. and 89% worldwide, just to meet the needs of the digitally transforming society.”

Hence, everyone needs to be on high alert. We can cross the chasm by building a strong security-awareness culture with employees. Scimone details the success Dell Technologies has experienced with this, “Over the last year, we’ve seen thousands of real phishing attacks that were spotted and stopped as a result of our employees seeing them first and reporting them to us.”

While efforts to approach cybersecurity from a systemic and technical perspective should be applauded, Scimone also urges businesses never to lose sight of employee contributions. “[All interventions should run] against the backdrop of an organizational culture where every team member knows they have a role to play.”

Listen to the full episode below and the interview transcript can be found here.