Why team spirit is just as important as technology when it comes to security resilience

Matt Rider, VP of Security Engineering EMEA at Exabeam, discusses the effects of the pandemic and remote work, ways in which organizations can improve company morale, and the impact this will have on security resilience. 
Matt Rider, VP of Security Engineering EMEA at Exabeam, discusses the effects of the pandemic and remote work, ways in which organizations can improve company morale, and the impact this will have on security resilience. 

The global pandemic may have dominated headlines for much of the last 18 months, but the virus itself is far from the only challenge businesses have faced during that time. As we approach the end of 2021, light grows at the end of the Covid-19 tunnel; it’s important to take stock of how our working lives have changed during the pandemic and what, if any, impact this has had on an organization’s cybersecurity posture. 

Everything, from personal wellbeing and future promotion prospects to team changes and the growth of remote working, has the potential to negatively impact overall morale, leading to disgruntled or disenfranchized employees that pose a major security threat to their organizations.

Leading from the top

There are many ways companies can address these factors and improve company morale, but to be successful, it’s imperative that senior leadership is also on board. A strong sense of team spirit – led from the top – can overcome so many barriers, be it the sense of isolation that comes from over a year of home working, unexpected team departures, reshuffles or even data breaches themselves. Strong communication really is the glue that binds everyone together, particularly during tough times. 

Something as simple as checking in regularly with employees is a great place to start, making sure they are okay and encouraging them to destress whenever possible. Small, light-hearted initiatives, ranging from virtual meditation to online happy hours, can also have a big effect. More advanced activities such as mentorship programmes and building new communities within the workforce offer the potential for longer-lasting benefits. 

Whatever path is chosen, managers and employees must all work towards transparent and shared business objectives. If this happens, performances will improve, as will trust in leadership. But perhaps importantly, loyalty and passion for work will grow, strengthening the overall security posture in the process.

Be vigilant for signs of employee burnout

recent Exabeam study found that during the early days of the pandemic, more than 75% of businesses were forced to furlough members of their security team, despite cyber threats rising exponentially during the same period. For non-furloughed staff, this led to significantly higher stress levels as they were forced to do more with less, including fighting new, unknown cyber threats. This issue was further compounded by remote working, making it harder to collaborate effectively with colleagues and communicate with other departments as needed. 

The blurred lines between work life and home life also mean employees throughout the security operations centre (SOC) have been working longer hours and finding it tough to switch off outside of this. As employees continue to juggle their jobs with the distractions of remote working, burnout must be on every business leader’s radar. Boundaries should be set with work schedules and flexible hours offered to those who need them. In short, leaders need to listen to their employees’ needs. Fatigue across departments can lead to costly mistakes such as falling for phishing emails, and on the security side, it can be the difference between an employee spotting or missing key attack indicators. 

Regular security training helps keep employees alert to new (and old) threats

Conducting regular cybersecurity training, is another cost-effective way of reducing risk and minimizing the chances of careless actions, such as forgetting to log out of a work computer or using weak passwords, leading to a major breach. It also serves as an opportunity to remind administrators to change default passwords and apply security patches. 

Carrying out periodic anti-phishing training exercises is another great tactic, particularly among remote workers. This entails sending phishing emails out across the organization and looking for any users that fall for them. Once identified, these users can be given additional training, helping prevent them from falling for genuine attacks and unwittingly becoming compromised insiders. 

Bad actors responded extremely quickly to the opportunity presented by the first lockdown and the subsequent, rapidly enforced home-working to create a raft of phishing campaigns and misinformation websites hosting malware – at its peak, over 5,000 COVID-19 related domains were being registered per day during March 2020. Fear, uncertainty and doubt alters the behavior of even the savviest end-users, even more so when we’re isolated at home, where the casual but often vital, ‘Hey Polly, have you seen this weird email as well?’ isn’t possible.

The benefits of cybersecurity also extend basic safeguarding. It can help employees develop new skills, spark interest, and even open up new career paths for those with a particular interest in the topic, which can be invaluable in the face of the ongoing global cybersecurity skills shortage.

Empower employees by giving them the tools needed to succeed

 For businesses operating with smaller teams, or still dealing with staff absences, automation tools can also play a huge role in helping to mitigate threats and improve future business prospects. User and entity behaviour analytics (UEBA) is one such tool that tracks, collects, and analyses user and machine data to detect potential breaches. It does this by establishing ‘benchmarks’ for normal behaviour over a period of time, then automatically flagging any behaviour that deviates too far from these benchmarks. 

As a result, UEBA can spot unusual online behaviours, such as logging in at strange times/locations, uploading or downloading large amounts of data, or the same credentials being used by multiple users, all of which are tell-tale signs of insider threats. More importantly, UEBA can often spot these behaviours before criminals have gained access to critical systems. 

READ MORE:

Even before the COVID-19 pandemic, cybersecurity was a challenging industry to work in. But after over 18 months of business disruption, furlough and job losses, combined with a significant rise in the number and variety of cyberthreats out there, it’s become harder than ever for organizations to stay ahead of attackers. While tools and technology can play a big role in helping offset some of these challenges, prioritizing employee wellbeing, education and company culture can play an equally important role, which mustn’t be overlooked.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of security resilience, Leadership, Why team spirit is just as important as technology when it comes to security resilience

Matt Rider

Matt Rider is VP of Security Engineering EMEA at Exabeam.

Hacking Cyber Security’s battle for workers

Andrew Marsh • 30th September 2022

Cyber attacks are increasing exponentially, cyber professionals are quitting, and ultimately, no one is replacing them. Worldwide, the cyber workforce shortfall is approximately 3.5 million people. We have a mountain to climb. While there are rising numbers of people with security degrees and qualifications, this falls way short of industry demand.

Getac becomes British Touring Car Championship official technology partner

Chris Gibbs • 29th September 2022

In competitive motorsports, the smallest detail can be the difference between winning and losing. Getac is the official technology partner to the British Touring Car Championships (BTCC) helping it achieve its digital transformation goals, putting a wealth of information at the fingertips of both race officials and teams alike, and helping deliver incredibly exciting racing.

The Time is Now for Digital Transformation

Paul Waddilove • 29th September 2022

According to a McKinsey research report, 70% of enterprises that had taken on digital transformation reported in 2020 that their momentum had stalled. It is worth understanding the reasons–culture or scale for example–causing the slowdown as the payoffs from digital transformation can be impressive. It can lead to more efficient operations, with enterprises enjoying autonomy...

Addressing the environmental impact of the data centre

David Watkins • 29th September 2022

David Watkins, solutions director at VIRTUS Data Centres , share how you may have seen the recent news that Thames Water has launched a probe into the impact of data centres on water supplies in and around London, as it imposed a hosepipe ban on its 15 million customers in a drought-hit area. Ensuring that...

How Can Businesses Ensure Efficient Management of COSU Devices

Nadav Avni • 29th September 2022

Nadav Avni, Chief Marketing Officer at Radix Technologies, shares how when it comes to speeding up queues and providing instant information, nothing beats corporate-owned, single-use (COSU) devices. When put in kiosk mode, these devices become efficient digital assistants that collect and share information.

The Cloud – Debunking the Myth

Guy Parry Williams • 26th September 2022

Mid-sized businesses are head down, wrestling with constantly evolving operational challenges, from skills shortages to supply chain delays and raging inflation. Management teams lack the time and often confidence to explore technology innovation and, as a result, too many companies are missing vital opportunities to cut costs, boost efficiency and reach new customers.