Grounded in the Cloud

Building a zero mistake culture to combat cyber crimes

TerenceNgai

In my last blog post, I wrote about how the cloud security landscape is changing from traditional security solutions. Often, human errors can put your business in grave danger. In a 2014 study by the Ponemon Institute, the average annualized cost of cyber crimes incurred by a benchmarked sample of US companies was $7.6 million per year. The average cost incurred to resolve a single attack totaled more than $1.6 million. In this blog, I am going to discuss the human and organizational aspects of how to protect your crucial assets in the modern cloud era.

 

 

Small Mistake, Big Consequences

 

While technological solutions that detect, repel and eradicate security threats are crucial, minimizing human errors and malicious insiders is equally important. The door may be open to malicious attacks from a variety of events such as:

 

  • Failure to apply the latest patch to system vulnerabilities
  • Misconfigured settings
  • Violations of standard security procedures

As an example, hackers penetrated JPMorgan Chase by exploiting a server whose security settings had not been updated to dual-factor authentication. This form of authentication requires a second one-time password to gain access to a protected system. Once inside JPMorgan, hackers managed to gain high-level access to more than 90 bank servers and subsequently the phone numbers, home and email addresses of 83 million households and small businesses. Investigators said the breach could have been thwarted if the bank had made a simple security fix to the overlooked server.

 

How about security control procedures? Do you change the network and system login passwords when a network admin leaves the company? Do you know if a disgruntled ex-employee has left security loopholes in the system for potential attacks? In a recent survey, 32 percent of companies in the UK believe that former employees with access to corporate systems and data could put them at risk of a security breach through old passwords and access rights.

 

Zero Mistake Culture

 

You must create an exceptional culture of high performance with no margin for error — I call it a ‘zero mistake culture’. The consequences of a single error can be catastrophic. Think about military operations, nuclear power plants, and air traffic control systems. Their operators don’t have the luxury of learning from mistakes. With a zero mistake culture, even though you might never completely eliminate risks, you are doing your best to minimize risks and vulnerability.

 

How do you foster a zero mistake and high performance culture in combating cyber crimes?

 

  • Accountability – Clearly articulate the consequences of not immediately taking responsibility for mistakes or taking risky shortcuts. Employees must feel a sense of integrity and accountability to report any suspicious anomaly. Managers must eliminate the fear of honesty and increase the consequences of dishonesty for their employees.
  • Training and certification – Develop and implement rigorous training and certification programs on potential threats and proper security procedures. This helps make sure everyone administering or using digital assets meets the pre-defined criteria and is certified to do so. Make sure you re-train and re-certify at proper intervals.
  • Check up on your defenses – Conduct planned and unplanned security inspections and simulate cyber-attacks to test for disaster readiness.
  • Diligent hiring process and periodic re-screening of key employees – This might sound like an obvious step as most companies have background checks for new employees. However, having a diligent and thorough hiring process is particularly important for key personnel you are handing the keys to. Conduct annual or bi-annual re-screening of those key personnel and look for early warning signs.
  • Communication and management of change – Senior leaders must take personal ownership of communicating and driving this zero mistake culture. If the senior leadership does not take cyber security threats seriously, their organization won’t either.

In the aftermath of the attack, JPMorgan has set up a “business control group” of about a dozen technology and cybersecurity executives to assess the fallout and to prevent hackers from breaching its network in the future. The group has been holding meetings once every few weeks.

 

Keeping an eye on what’s most important

 

In summary, while technological capabilities to combat cyber threats are crucial, human excellence in preventing errors that leave you vulnerable is even more important. You must understand what matters to your business and who is safeguarding your key assets. Making sure you have a zero mistake culture is the best defense against potentially catastrophic cyber crimes.

 

To learn how HP can help, visit the HP Security or HP Helion page.
