Creating a cybersecurity culture in the workplace

Top Business Tech held caught up with Cybersecurity Specialist for ESET, Jake Moore, who emphasizes the need for a cybersecurity culture in the workplace.
Top Business Tech held caught up with Cybersecurity Specialist for ESET, Jake Moore, who emphasizes the need for a cybersecurity culture in the workplace.

Top Business Tech held its first webinar, ‘Cybersecurity: Fighting back with AI’ , where we, caught up with Cybersecurity Specialist for ESET, Jake Moore. 

Moore previously worked for Dorset Police, spanning 14 years primarily investigating computer crime in the Digital Forensics Unit on a range of offences from fraud to murder. Within law enforcement powers, he learnt how to retrieve digital evidence from all devices whilst engaging in various ways to break security to help protect innocent victims of cybercrime ethically. He then became a cybersecurity consultant for the police delivering tailored advice to the public and local businesses to help protect the community and build upon their security foundations.

As IT leaders know all too well from the last year, cybersecurity threats have continued to climb at an exponential rate. In addition to this, the nature of the threats has changed. This shift has been attributed to the cybersecurity risks posed by remote work and cloud migrations that organizations carried out hurriedly. 

Cyberattacks impact companies of all sizes

“It always comes down to the size of the company,” says Moore, “A smaller company does not expect to be the subject of an attack, and so they don’t put the resources into cybersecurity. Even if they’re aware of the resources, they don’t spend money on them, because they think they’re expensive.” He notes that employees in smaller companies often wear “multiple hats” and are often stretched thin or lacking in extensive security knowledge. He explains that cybersecurity strategy funding and implementation often falls to year two or three for a small company, but this leaves startups and scaleups extremely vulnerable to attacks. This is why its essential that smaller companies move from a reactive to a proactive mindset. 

Moore says that larger companies often think that they are actually secure as they offer training, but the culture is missing from the workforce. “Staff are tired of hearing the same training every year. It just becomes a ‘tick-box’ exercise.” With this training fatigue often comes a decline in awareness of cybersecurity threats. When this is paired with the threat posed by attackers that harness AI to launch attacks on an organization, companies of all sizes are at risk. Larger companies will then have the ICO to consider in the wake of an attack. Moore acknowledges that there is a need for large companies to be held accountable for shortcomings in data protection, but also believes that fines should be spent on bettering cybersecurity capabilities. The third post-attack issue is the breach of customer trust, and the loss of potential customers.

Cultural awareness

Organizations of both sizes need to educate their employees, and ensure an active culture in cybersecurity awareness. Moore is fond of fishing simulations, but only when done right. “I think phishing simulations can have a double-edged sword attached to them.” He goes on: “Employees may not know how to report a phishing email when it comes through. In the event that they do fall victim to a scam, they should not be chastised over the mistake, as they will likely already feel terrible, and need to be educated instead of punished.” 

Moore emphasizes that deep fakes are “amazing technology,” and have become exceptionally sophisticated, and the rise of ML has enabled attacks to scale drastically. Employees may not even know that technology of this kind exists, so organizations cannot punish them for an education that it failed to deliver. Machine learning in cyberattacks has also challenged organizations and their public data. Moore references the Facebook attack, that scoured public information from public Facebook profiles on a colossal scale. Though Facebook denied this as a breach, as the information taken was public, it certainly draws questions toward brand trust, and the need for organizations to educate their employees and customers. 

Small organizations and tech giants are not immune to these ever-evolving attacks, and organizations and employees need to remember that this extends to communications platforms. Zoom, Slack and WhatApp all pose varying cybersecurity risks. Moore recommends Signal, a non a cross-platform centralized encrypted instant messaging service, where users can set images and texts to delete after a certain period. In addition to these new communication platforms, email remains at the heart of both communication and phishing attacks. “We may not all use Signal, or WhatApp, but we all use email,” says Moore. Long past are the days of poorly worded emails from Nigerian princes requesting banking details. Today’s phishing emails are created from algorithms, and often have an acute understanding of human psychology, the best of which can impersonate an employee’s boss, or play on a user’s personal weakness. 

READ MORE:

Moore’s advice is simple: “remain cautious.” Any request for personal details should always be treated with scepticism. We are now in an age where attackers can even remove two-factor authentication. An attacker can steal a ‘one-time code’ for authentication once typed in. At this point, the user has invested in the belief that this is not a scam and is authentic, but Moore urges that even a flicker of doubt should halt the user from progressing forward. Of course, this is easier said than done when scams are so convincing, and Moore reiterates that employees should not be punished twice for falling for a phishing attack. “Though they can be annoying, quizzes are a good way to educate employees.” Remember that an organization will never be completely protected, and threats are ever-evolving, so defences need to evolve with them. An organization’s commitment to security must never stop. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...