Why Adopting The Right Work Culture Can Help Avoid Data Breaches
The latest Carbon Black cyber security report released by VMware raised some much-needed awareness of the latest dangers and conflicts in 2020’s cyberspace. Following the long chain of cyber incidents in 2019, understanding attacker behaviour and ransomware were this year’s main findings, as well as the underpinning points to forthcoming strategies. What also didn’t go unnoticed in the report were the cross-departmental relationship gaps between the IT and Security teams and their impact on cyber risk.
Just days before the release of the Carbon Black report, the world’s most renowned cyber security gurus came together at the RSA Conference to weigh in on the biggest threats the industry is likely to face going forward. While ransomware was yet again a hot topic, the human dimension in security also opened the gate to a range of concerns. This subject matter touched on sensitive issues involving human behaviour in the workplace, including the risks of data breaches as a consequence of increased tension between departments.
Although businesses are keen on investing more in cyber security to tackle the dangers, it’s clear that toxic work environments and sectional mindsets seem to be counteracting these efforts. On that note, here’s why we think that an inadequate work culture contributes to increased data breaches.
Cyber security should be part of a collaborative effort
Building bridges with other teams and viewing them as powerful security assets will make staff think twice before ignoring security best practices. Human cyber risk is very much a subjective matter and is highly dependent on interpersonal relationships.
Investing millions in the latest technology won’t bring about the right outcome if people don’t share the same outlook on cyber security. Defenders will never get results on their own without acknowledging the contribution of other employees, and vice versa. Although cooperation towards successfully achieving goals entails gathering input from others, many teams are doing the exact opposite.
For example, Carbon Black’s report clearly highlights an ongoing war between IT and Security. Their survey revealed that 77.4% of respondents admitted to chasing the same objectives as their counterparts while having an overall negative relationship with them.
Finding common ground on identity management
Many companies are faced with the dilemma of having to decide who gets to keep or own identity and access privileges. Employees who change roles within the company sometimes maintain unnecessary access levels to carry out ad-hoc tasks. An investigation report by Verizon carried out in 2019 revealed that 81% of data breaches were consequences of weak credentials.
Consequently, the security risk incurred by granting continuous access often prompts security teams to withdraw privileges or deny requests, which causes cross-departmental friction. Non-security staff don’t understand the risks of keeping such privileges, and cyber security experts don’t put in enough effort to explain them. Suddenly, the business needs are clashing with the security measures put in place to protect said needs.
Lack of motivation leads to non-compliance
Some staff simply refuse to take security policies seriously, as they don’t think it’s something they have much control over. At the same time, many employees are either annoyed by security or see it as an inconvenience, an obstacle which prevents them from being time-efficient.
When it comes to encouraging staff to comply with cyber security guidelines, businesses need to adopt a flexible approach. Staff will overlook the risks of non-compliance if they can’t relate to its use and importance. More often than not, important security procedures end up being shunned because people simply don’t understand what they’re there for.
Overall, efficient cyber security relies as much on human behaviour as it does on technology and machinery. Involving the whole organisation in the conversation and engaging all employees to complement existing training will boost motivation and reduce cyber risk.
OGL Computer provides a wide range of bespoke cyber security solutions, specifically designed to tackle even the most elaborate of cyber crime attempts. Our services are delivered by industry experts who have gained breadth and depth of experience in the industry by successfully resolving complex incidents and implementing intricate cyber security measures. Find out how we can transform your business by downloading our cyber security guide or get in touch with us today.