Minimizing the Pain of Cyber Crime: The Human Factor
Until two years ago, cybersecurity was primarily used as a sexy buzzword, a trending phenomenon reserved for and understood by few. Today, cyber breaches are the root cause of digital pain for many societies, sectors and organisations around the world.
The cyber threat landscape is evolving at an alarming pace because of the pandemic. Cybercriminals have an in-depth understanding of how to prey on the human vulnerability of a remote or hybrid workforce.
No matter how much an organization invests in state-of-the-art technical firewalls, emotional firewalls cannot be managed or upgraded like technology.
Integrating the human factor in the cyber threat profile of any organization can feel painful when human error keeps your most valuable assets at risk for data theft, ransomware hijack, and commercial espionage, to name a few.
The pain of trying to change mindsets and behaviors so that cyber hygiene is at the foundation of the new digital ways of working can take its toll. The visible cost of malicious cybercrime attacks is estimated to reach over USD 10.5 trillion worldwide by 2025.
The invisible cost of reputational damage, loss of confidence and trust, psychological impact on employees, disruption of business continuity, and regulatory sanctions which can close down your business are all coming to the surface. The pain of loss and change is reaching its breaking point.
Mobile application launch gives birth to a company’s worst-case scenario
An anonymous cybercriminal group has hacked into your mobile payment gateway system app and hijacked thousands of mobile user accounts. How is this possible, you may think?
Blockchain technology is one of the most secure technologies that exist out there.
The CEO and the Senior Management underestimated the risk profile of end-to-end point vulnerability that comes into play with blockchain technology. You tried to warn them to no avail.
Cybercriminals understood human exposure and were no longer concerned about hacking the app or encrypting the software. Instead, they used social engineering techniques and profiled perfect target customers to steal their login credentials when using mobile applications.
And that was the start of a significant cyber breach of what is referred to as the most secure mobile app in the country. Cybercriminals ask the users to pay amounts varying from 300k to 50,000k in Euros through cryptocurrencies to circumvent banks’ financial bureaucracy.
Unfortunately, many customers pay the charges because their levels of fear and anxiety are higher than their level of rational response options.
Imagine working as the CISO for a large international organization in the financial services industry named Financial Inc., located in Country X. Financial Inc. is employing more than 3000 people worldwide.
As the CISO, you tried to slow down the process of taking the mobile application to market as there were too many bugs and security issues. The testing and validation process from a security perspective was nowhere near mature. Still, the Board of Directors decided to launch the mobile application based on the recommendations from Senior Management and championed by the CEO. The risk of lagging behind the competition and losing market segments was not an option.
The mobile application seemed like a significant success during the roll-out phase across the country. Customers seemed content with their user experience and the new secure blockchain technology, which guaranteed encryption and end-to-end protection.
How will you navigate this unfolding cybercrime nightmare?
The Board of Directors’ trust and confidence in the Company’s senior management to manage and recover from this breach plummeted.
The CEO blamed you for not being upfront about the amplified security risks.
The Marketing and Innovation teams suffered a mental blow as the blood and sweat they put into bringing the application to market was shattered into a thousand pieces when the mobile application was pulled back.
The Insurance Company refused to pay as, in their view, there was enough evidence to show that due diligence was absent on many levels related to the human factor.
You see no other option than to hand in your resignation, as recovering from such a significant blow seems impossible now that you have lost credibility with the board.
Not to mention the stress, pain and overwhelm involved in navigating a cyber breach where many seem to be on a different sheet of music.
The long-term consequences and impact of the cyber breach are grim: both the visible and invisible costs are in the millions, and no one really knows how this will unfold.
But one thing is sure: the pain of investing upfront in the human factor as part of a holistic approach is minimal compared to the cost and loss Financial Inc. faces.
The Human Factor
The Chief Information Security Officer (CISO) role is evolving at a fast pace in the post-COVID-19 workforce landscape. At first, information security and cyber were perhaps the CISO’s primary responsibility. CISOs ensured business continuity and reduced the risk of cyber breaches in line with the organizational risk appetite. Besides, cyber insurance helped senior management sleep at night as the loss in monetary terms was minimal.
This is all changing as insurance premiums are skyrocketing with expected market depletion in the years to come. Ransomware attacks are the new digital virus, with emerging regulations that forbid organizations from paying, not to mention the pain and trauma organisations go through to recover. Human vulnerability is often responsible for more than 75% of an organization’s cyber breach profile.
Transforming an entire workforce into cybersecurity experts is not feasible, nor should it be an option. But adopting basic cyber hygiene as a new way of working, as part of a new mindset, and as part of a safer, secure, and resilient online working culture is no longer a luxury but a necessity.
How do we get there from here?
Minimizing people’s pain of change is at the heart of a successful cyber hygiene awareness and readiness culture.
What if the role of the CISO becomes more people-centric to help inspire and lead this cultural change?
What if people understood that building emotional firewalls could increase their focus, performance, and well-being, leaving more energy to complete their work?
What if people no longer perceived cyber hygiene as a burden but as a necessary behavioural change that helps them thrive in the workplace?
Let’s take a closer look at what we mean by emotional firewalls in this guide and why they are at the heart of reducing the pain of change and achieving your desired cyber hygiene culture.