You are the weakest link, Latest Singapore News - The New Paper

You are the weakest link

This article is more than 12 months old

Humans are the most vulnerable in businesses' cybersecurity

If you're currently working in an organisation, chances are you are privy to a whole range of critical and sensitive business data.

Like many around you, you also access the data across multiple devices from company-issued laptops, to your personal cell phones and tablets, inadvertently opening a Pandora's box of threats.

This might come as a shock, but you could be your company's biggest vulnerability in terms of cybersecurity.

While organisations continue to skyrocket spending on technology, the cyber security satisfaction rates are not always up to par. According to Forcepoint's recent Human Point survey in Asia-Pacific, only 6 per cent of cybersecurity professionals feel they have extremely good visibility into how employees use critical business data across multiple platforms.

With humans as the constant across technology use and cyber threats, today's security tools are simply not able to capture the best understanding of human behaviour and intent.

While it must be said that most employees are not malicious, they might inadvertently and unknowingly become accomplices to a cybercrime if they are not careful with their activities online.

This makes the understanding of user behaviour and intent crucial for both the organisation and the employee in this new age of borderless information and interactions.

The massive data sprawl, which sees confidential information spread across public cloud systems, networks and devices, is happening globally and is a huge concern for companies.

For businesses in Singapore, there is no better time to start zoning in on the human side of cybersecurity than now.

In the recent Budget 2017 announcement, the Government stressed the need for digitisation across all industries.


With increased connectivity and the adoption of more technological innovations, it is inevitable that more data will be pushed to the cloud or other online platforms.

Taking BYOD (bring your own devices) to another level, more employees will be able to access and transfer company information from the privacy of their own homes.

Businesses will need a lot of context around their employee's behaviours and intent to make a case against the attacker.

With this scenario in mind, it is best to assume that anyone is an insider and, therefore, a potential insider threat.

In the same way, everyone can also be a potential victim.

This state of vigilance would serve modern enterprises far better than broken cyber-defence models centred on "keeping bad stuff out".

To start, companies can develop an in-depth cybersecurity system that considers user behaviour analytics and is more selective with the access they are granting to employees.

Adequate folder controls need to be put in place so someone from another department does not gain access to confidential human resource information, for example.

On the part of the employee, more attention can be paid to social media and Internet usage for personal and professional reasons.

Privacy settings are key to preventing attacks.

As individuals share much of their personal and sensitive information on social media, attackers can take advantage of the information for malicious purposes, including creating context around hacking.

Humans are the weakest link and understanding their behaviours will change the face of the cyber security game.

The writer is vice president of Asia-Pacific, Forcepoint, a global company specialising in cyber security solutions and services.