Brian Martin at Integrity360 explains why there is an urgent need to ensure that cyber-security processes work for the end user as well as for the organisation.
Ironically, the cyber-security measures that are intended to keep operations running and performing through good times and bad can also themselves threaten productivity.
A research report sponsored by Dell back in 2015 found that as many as nine in ten employees complain that company security policies limit their personal productivity in the workplace, although keeping business secure was even then becoming more and more of a priority.
End users told the hardware vendor the situation was “getting more frustrating by the day”, while IT security managers protested the need to lock down access to resources. Of course, poor productivity typically has multiple negative consequences, slowing an organisation’s ability to respond to customers as required and creating myriad inefficiencies, even damaging staff morale and loyalty.
More than five years on, the stakes have risen due to the pandemic. Taking action has become urgent post-Covid-19 with increased remote working and the hybridised workplace, which, because it goes beyond the corporate network perimeter, can be much more vulnerable to cyber-attack.
Stricter IT security standards required for staff working from home reduce productivity further: staff cite problems accessing important data and information, or restrictions on using home technologies in order to print or view certain documents. Furthermore, the numbers citing problems doubled in the year to February 2021, according to Deloitte.
Most, if not all, organisations worry about regulatory compliance and reputational damage as a result of a data breach or cyberattack. How can they prevent these impacts, yet also maintain, even enhance, productivity? Is the industry hitting a wall when it comes to achieving these seemingly opposed goals?
There’s no doubt that companies of all kinds and sizes typically need to invest in cybersecurity know-how and address capacity and resourcing, without neglecting ongoing requirements around staff education and training – as Deloitte also notes.
The way to fix this false paradox is not by ditching cybersecurity measures or even reducing the layers and levels of defence, but by seeking better ways to apply cybersecurity principles and techniques.
When organisations moved to hybrid and remote ways of working during lockdown, the idea was to ensure that employees could keep working on key tasks, continuing to collaborate and generate revenue for their employer. This sometimes would have meant bringing in new technology solutions and implementing them without full consideration of the overall effect on workplace productivity.
Much has been made of the ‘quick-fix’ approaches many organisations adopted, forced as they were to move rapidly to keep their heads above water despite disruptive economic dynamics.
Cyber-security boosts productivity
Done right, cyber-security measures also shore up and boost productivity. Achieving overall best-practice for every organisation can be complex, sometimes involving three steps back and two forward in the attempt to move ahead. One key is to remember that improved cyber-security also acts to protect productivity.
Little is more damaging to productivity than a massive systems outage or loss of confidential or sensitive data. Sure, imposing cyber-security controls can damage productivity. But so do lax controls that allow a virus outbreak, spyware or a botnet infection, slowing IT processes and hamstringing the ability to trade online. So does being locked out of the system as a result of ransomware attacks, cryptojacking and the like – all reported to be on the rise this year.
The average downtime after a ransomware attack is 16 days, hugely hampering productivity along with the time spent rebuilding servers and recovering systems and data. Add to this the potential for product delays if the breach hits their supply chain which can impact large enterprises if their vendors are attacked and halt businesses processes.
Productivity also typically suffers due to the time taken to research and keep up with those never-ending security alerts. There is so much more that a security operations centre (SOC) team could be doing than investigating and analysing alerts. Solutions exist that can orchestrate and automate responses, although many organisations are way off fully implementing such offerings in-house.
In fact, as Ponemon Institute studies have suggested, SOC teams are of late becoming more ineffective – even demoralised – and delivering reduced returns on their investment, partly as a result of the rising complexities and costs around investing and maintaining cyber-security solutions.
Technology and the human factor
Technology going hand-in-hand with the human factor is the key to achieving maximum productivity. Organisations can tackle struggles with cyber-security infrastructure by ensuring solutions are performing optimally, as well as providing more training, including standardised, straightforward guidance, not only to maximise the level of security achieved but to assist staff and managers to get past hurdles to productivity.
When all travel together on the road to cyber-security, an organisation can also inspire by its awareness of the issues and how it is working to ‘build back better’, even when a setup is suffering temporary teething problems. Employee education should therefore cover all security issues, from malware and phishing to identity management, data protection, encryption, and security at different endpoints and at the edge.
It may seem like a great deal of knowledge must continually be developed, maintained and applied to achieve a productive yet cyber-secure workplace. However, organisations need not, of course, struggle along forever on their own.
Fully managed solutions are available from providers in many flavours to speed up SOC and provide assurance in the face of increased risk. Services include managed detection and response (MDR) and security orchestration, automation and response (SOAR).
Specialist organisations, tasked with keeping up with the latest possibilities, can also be better placed to learn new ways to implement robust cyber-security that protects data as well as productive workflows.
Either way, effective cyber-security implementation will not just monitor and respond to threats, safeguarding documents, files and other assets. It will contribute to a quality user experience that enhances collaboration. Productivity will be improved, even for employees no longer tied to a central office five days (or more) every week And peace-of-mind will be created for their employers.
Brian Martin is Head of Product Management at Integrity360
Main image courtesy of iStockPhoto.com