Security: A Shared Responsibility and Everyone's Priority
Trends such as digital transformation, cloud computing and increasing cybercrime have prompted employees in every role, within organizations of every size and across industries, to be on guard for potential cyber attacks. In fact, the IBM Data Breach Report states that 83% of organizations experienced more than one data breach during 2022. It’s not a matter of if your organization will be a target – it’s a matter of when.
With billions of people around the globe working remotely, defending an organization from cyber threats now extends beyond the traditional network perimeter, requiring new strategies to protect users, data and business assets where they are. This transformation raises questions around employees’ roles and responsibilities moving forward.
Understanding the impact of security on your role in an organization and the strength of its cybersecurity stance is critical. Cybersecurity is essential to ensuring the health and success of your business – just as important as your financial and operational controls.
Every Employee Is Responsible for Successful Cybersecurity
At BDO Digital, our Cybersecurity Solutions team focuses on delivering a complete cyber threat management solution that is proactive in its threat defense and adapts to an ever-changing cybersecurity threat landscape. But successful cybersecurity also depends on the involvement of every individual within an organization.
In today’s new world of remote and hybrid workplaces, an organization's people are its “perimeter.” Employees’ identities provide access to the data, devices, and information they need to do their jobs, and it’s essential to establish the right policies and awareness training programs, enabled through the use of technologies to secure remote workers.
However, ensuring that employees understand how to keep their identities safe is an important step in protecting the organization and protecting personal information. For example, teaching employees about using multi-factor authentication and maintaining strong password/identity hygiene is critical to any organization. Phishing attacks are still one of the most common ways hackers penetrate an organization, so employees need to understand how to spot and report these attempts with confidence. Every employee needs to understand the secure process for interacting with data, as well as the procedures put in place to keep their identities, sensitive documents, and the organization safe and secure.
Some roles are more vulnerable to cyber threats
There are several roles within an organization where employees are more vulnerable, due to the nature of the information they handle and process. Let’s examine a few of them:
- Finance: As the Finance department manages highly sensitive and confidential financial information for the organization, their employees have a greater need for training in the processes needed to securely share, handle and store that information. The average cost of a data breach is at an all-time high this year of $4.45 million, up 2.3% since 2022. CFOs need to forecast for investments in security, and to do so, they must understand what vulnerabilities lurk in an organization's legacy systems and infrastructure. That’s why 65% of organizations plan to increase cybersecurity spending in 2023.
- Human Resources: HR plays two important roles: employee and stakeholder. First of all, HR departments need to watch out for potential insider risk, which may result from a negative work event such as a termination or dispute. They also must make sure sensitive information isn’t leaked as a result of an employee leaving the company. Secondly, HR roles are frequently targeted for attacks by cybercriminals because of the vast amount of external documents – resumes and others – that they receive. Bad actors may hide malware or launch phishing attacks, which can present a huge threat to employees who are not trained to recognize them. Lastly, HR is often engaged in situations that involve insider risk and employees not complying with corporate policy.
- Sales and Marketing: Doing business with today’s consumers and businesses requires transparency about your security practices, how you handle data and the measures you’re taking to safeguard their information. Security breaches can have a long-lasting impact – not only on finances but on your reputation and customer trust. That’s why sales and marketing leaders must have a deep understanding of their organization’s security practices and the important role communication procedures play in the case of a breach or security event.
What’s more, marketers and sales teams may have access to sensitive information about product roadmaps, sales data, competitive insights, partnerships and customers that they must safeguard, so partnering with HR to educate their teams is an essential part of a complete cybersecurity strategy.
- Supply Chain: Supply chain attacks are on the rise this year, with two new threats – 3CX and MOVEit – entering the scene. And unfortunately, even when an organization’s cyber defense is strong, it may be vulnerable because of a supplier or third-party provider that’s susceptible to attack, as hackers look for weaknesses in hardware, people, processes and vendors to exploit. Any disruption to a company’s supply chain can have a negative impact on an organization’s ability to service customers. Supply chain leaders must be familiar with the various technological components and ensure their suppliers are implementing cybersecurity best practices.
A prime example is FireEye’s discovery of a highly sophisticated cyber intrusion that leveraged a commercial software application made by SolarWinds. It was determined that the advanced persistent threat (APT) actors infiltrated the supply chain of SolarWinds, inserting a backdoor into the product.
While these lines of business are often targeted more frequently, threat actors know that people are often the weakest link in any cyber defense strategy. Knowing this, it is crucial for organizations to educate their employees and put safeguards in place to report suspicious activity, to monitor for external threats with a 24x7 SOC or managed SOC provider, and to monitor for internal threats with solutions that identify insider risk.
Managed Cybersecurity to Help Mitigate Risks & Threats
With the potential for data breaches and ransomware attacks increasing, and a workforce that’s more remote and distributed than ever, CISOs face many challenges to tackle. Creating a cybersecurity culture can be one of the most important steps an organization takes to meet these challenges head-on.
BDO Digital can help you implement a complete cyber threat program that ranges from employee education through to deployment of security solutions and even managed services with deep expertise to augment your current security team.
Interested in having a more in-depth conversation about your cybersecurity strategy?
BDO Digital is offering qualifying companies a 30-minute consultation, at no cost to your organization, to strategize on your business’s cybersecurity and managed IT security services questions and advise on next steps.