Tag Archives: cloud security

Head in the clouds: why nuanced security training is essential to remote working success

by Bharat Mistry

Organisations have been forced to adapt rapidly over the past few months as government lockdowns banished most workers to their homes. For many, the changes they’ve made may even become permanent as more distributed working becomes the norm. This has major implications for cybersecurity. Employees are often described as the weakest link in the corporate security chain, so do they become an even greater liability when working from home?

Unfortunately, a major new study from Trend Micro finds that, although many have become more cyber-aware during lockdown, bad habits persist. CISOs looking to ramp up user awareness training may get a better ROI if they try to personalise strategies according to specific user personas.

What we found
We polled 13,200 remote workers across 27 countries to compile the Head in the Clouds study. It reveals that (72%) feel more conscious of their organisation’s cybersecurity policies since lockdown began, 85% claim they take IT instructions seriously, and 81% agree that cybersecurity is partly their responsibility. Nearly two-thirds (64%) even admit that using non-work apps on a corporate device is a risk.

Yet in spite of these lockdown learnings, many employees are more preoccupied by productivity. Over half 56% admit using a non-work app on a corporate device, and 66% have uploaded corporate data to it; 39% of respondents “often” or “always” access corporate data from a personal device; and 29% feel they can get away with using a non-work app, as IT-backed solutions are “nonsense.”

Four security personas
This is where the second part of the research comes in. Trend Micro commissioned Dr Linda Kaye, Cyberpsychology Academic at Edge Hill University, to profile four employee personas based on their cybersecurity behaviours: fearful, conscientious, ignorant and daredevil. 

In this way:

Fearful employees may benefit from training and simulation tools as well as real-time feedback from security controls and mentoring.

Conscientious staff require very little training but can be used to good effect as exemplars of good behaviour and to team up with “buddies” from the other groups.

Ignorant users need gamification techniques and simulation exercises to keep them engaged in training, and may also require additional interventions to truly understand the consequences of risky behaviour.

Daredevil employees are perhaps the most challenging because their wrongdoing is the result not of ignorance but a perceived superiority to others. Organisations may need to use award schemes to promote compliance, and, in extreme circumstances, step up DLP and security controls to mitigate their risky behaviour.

By understanding that no two employees are the same, security leaders can tailor their approach in a more nuanced way. Splitting staff into four camps should ensure a more personalised approach than the one-size-fits-all training sessions most organisations run today. Employees will benefit from training and simulation platforms like Trend Micro’s Phish Insight, with its diverse library of training content designed to suit the varying cultures of organisations, skill levels and roles of employees. 

Join Trend Micro for a fresh perspective on cloud security

by Ross Baker

The current pandemic has done little to reduce the daily workload of most CISOs. In fact, with cyber-criminals ramping up social engineering efforts against home workers and attacks on remote access infrastructure, your spare time may well be more precious than it’s ever been. That’s why Trend Micro has created Perspectives, a jam-packed two-hour virtual event focused around the topic of securing digital transformation. 

Experts from AWS, Azure, Trend Micro, IDC and some of our biggest customers will come together to share their insight on Thursday, June 25.

Continue reading

Industry report points to major cloud security challenges

by Bharat Mistry

For the past 12 years, Verizon has been publishing its Data Breach Investigations Report (DBIR). Whilst not the final word on the threat landscape, it always offers some interesting insight into current trends — this year distilled from over 32,000 analysed “incidents” and nearly 4,000 breaches worldwide. That’s why it was interesting to note the uptick in cloud-based threats stemming from external malice and insider error revealed in this year’s report.

The good news is that Trend Micro helps global organisations mitigate both types of cyber-risk; providing peace-of-mind to support employee productivity in a current climate of mass remote working.

Continue reading

HQs in the cloud: the case for security as enabler has never been stronger

By Jay Coley

Our CEO, Eva Chen, predicted recently that the Covid-19 experience will change organisations for good. This is to be largely welcomed. It will help us “fix antiquated processes” and increase remote working, which is good for staff productivity and work-life balance. One other prediction of Eva’s stuck in our minds: the idea that company headquarters in the future will be “located in the cloud”. 

In fact, organisations up and down the UK are already working this way. It is bringing with it new opportunities, as well as a host of challenges, for IT security teams. As these companies struggle to ride out the current crisis, more than at any time we can remember, the function needs to step-up as a true business enabler.

Continue reading