Fujitsu Advises: Effective Business Cyber Security Needs a “Human Firewall”
News facts:
- To build an effective defense against cyberattacks, businesses must build a culture that creates a human firewall of cyber security-aware employees
- 61% of international business employees believe their current cyber security training is ineffective – with boredom, lack of targeting, and generic content contributing to a lack of sense of ownership
- As employees most often cause security breaches, investing in building trust and engaging employees with targeted content is an essential part of building an effective security posture
Munich, April 14, 2021
Businesses’ potentially most effective line of defense against cyber-attacks is their own educated and mobilized employees. However, Fujitsu cyber security experts warn that many corporate workers are unaware of their vital role in protecting their businesses against cyber crime, believing that security is the IT department's sole responsibility.
Fujitsu says the primary reason for this disconnect is the approach taken by most IT security teams to raise awareness of cyber security issues. Most rely on one-size-fits-all, annual security training. By failing to effectively empower colleagues to take collective ownership – or share the knowledge they need to form the first line of defense – they leave their organizations open to attack. Ultimately, the most common security breaches occur when employees click on email links or open attachments that deploy malware or collect sensitive information in phishing attacks. Addressing this weakness with the right corporate culture and knowledge sharing is the most effective cyber security measure that a company can take.
The need to build an effective ‘human firewall’ is more critical now than ever. First, most business communication currently occurs outside of the corporate network, thanks to mostly home-based workforces. Cyber criminals are also taking full advantage of the ongoing pandemic to launch an onslaught of attacks – from misinformation campaigns to sophisticated attacks that take advantage of unsecured home networks.
To better understand the scale of the challenge faced by IT teams, Fujitsu recently sponsored an international survey of 331 senior executives from various organizations in 14 countries1. Respondents came from five broad industry groups: financial services, retail, manufacturing (including automotive), energy (including utilities), and central/federal government.
Results revealed that a worrying 45% of respondents believe cyber security has nothing to do with them. And 60% said all employees in their company receive the same cyber security training, despite significant differences in roles and security issues they face. Of the businesses that provide role-based training, 61% currently find it ineffective.
The survey also revealed why employees consider cyber security training to be such a turn-off: Just 26% of non-technical workers find the training engaging, 32% say it is too long, 35% are bored, and the same percentage say it is too technical. However, gamification is an easy way for companies to make it less of a box-ticking exercise – most non-technical respondents (69%) think training is most effective when it involves games, rewards, or quizzes to improve security awareness or behavior.
Tim White, EVP and Head of Global Services Business Group, comments: “We have all experienced generic training modules – which only serve to tick a compliance box. Organizations should be trying to empower and engage groups on an individual basis to ensure they are aware of potential security risks – rather than boring them to distraction with untargeted webinars. Through building a sense of collective and engaging employees on an individual basis, it’s possible to introduce a culture where everyone’s job contributes to the company’s overall security posture. To borrow the old phrase, ‘it takes a village to raise a child’. Investment in creating the right culture, educating employees, and building trust is the most effective approach, which in turn makes organizations genuinely resilient to modern cyber threats”
Tim says an easy way to tell immediately whether a company’s security culture is on point is by looking at who attends its high-level security meetings. He adds: “If the CEO and heads of departments attend security meetings, that’s a good sign that the company is establishing a great security culture from the top down. If, on the other hand, attendees just comprise IT and security people, that’s a warning sign.”
A healthy dialog between IT departments and individual employees also puts an end to well-meaning blanket bans on technologies that interfere with day-to-day work. For example, countless businesses banned employee access to cloud-based file-sharing services only to find that they were necessary to share contracts or designs. To effectively address security concerns, the discussion must find solutions to make these services work for the company.
Fujitsu’s advanced security solutions help businesses and public agencies minimize disruption and maintain business continuity by strengthening their security strategy and operations across every level of an organization. This means intelligence-led solutions supported by an integrated and collaborative approach to cyber security challenges – all delivered to the highest security standards. This enables organizations to adopt a security model that retains the elasticity necessary to operate in the current conditions and offers security without hindering business growth.
Fujitsu says the primary reason for this disconnect is the approach taken by most IT security teams to raise awareness of cyber security issues. Most rely on one-size-fits-all, annual security training. By failing to effectively empower colleagues to take collective ownership – or share the knowledge they need to form the first line of defense – they leave their organizations open to attack. Ultimately, the most common security breaches occur when employees click on email links or open attachments that deploy malware or collect sensitive information in phishing attacks. Addressing this weakness with the right corporate culture and knowledge sharing is the most effective cyber security measure that a company can take.
The need to build an effective ‘human firewall’ is more critical now than ever. First, most business communication currently occurs outside of the corporate network, thanks to mostly home-based workforces. Cyber criminals are also taking full advantage of the ongoing pandemic to launch an onslaught of attacks – from misinformation campaigns to sophisticated attacks that take advantage of unsecured home networks.
To better understand the scale of the challenge faced by IT teams, Fujitsu recently sponsored an international survey of 331 senior executives from various organizations in 14 countries1. Respondents came from five broad industry groups: financial services, retail, manufacturing (including automotive), energy (including utilities), and central/federal government.
Results revealed that a worrying 45% of respondents believe cyber security has nothing to do with them. And 60% said all employees in their company receive the same cyber security training, despite significant differences in roles and security issues they face. Of the businesses that provide role-based training, 61% currently find it ineffective.
The survey also revealed why employees consider cyber security training to be such a turn-off: Just 26% of non-technical workers find the training engaging, 32% say it is too long, 35% are bored, and the same percentage say it is too technical. However, gamification is an easy way for companies to make it less of a box-ticking exercise – most non-technical respondents (69%) think training is most effective when it involves games, rewards, or quizzes to improve security awareness or behavior.
Tim White, EVP and Head of Global Services Business Group, comments: “We have all experienced generic training modules – which only serve to tick a compliance box. Organizations should be trying to empower and engage groups on an individual basis to ensure they are aware of potential security risks – rather than boring them to distraction with untargeted webinars. Through building a sense of collective and engaging employees on an individual basis, it’s possible to introduce a culture where everyone’s job contributes to the company’s overall security posture. To borrow the old phrase, ‘it takes a village to raise a child’. Investment in creating the right culture, educating employees, and building trust is the most effective approach, which in turn makes organizations genuinely resilient to modern cyber threats”
Tim says an easy way to tell immediately whether a company’s security culture is on point is by looking at who attends its high-level security meetings. He adds: “If the CEO and heads of departments attend security meetings, that’s a good sign that the company is establishing a great security culture from the top down. If, on the other hand, attendees just comprise IT and security people, that’s a warning sign.”
A healthy dialog between IT departments and individual employees also puts an end to well-meaning blanket bans on technologies that interfere with day-to-day work. For example, countless businesses banned employee access to cloud-based file-sharing services only to find that they were necessary to share contracts or designs. To effectively address security concerns, the discussion must find solutions to make these services work for the company.
Fujitsu’s advanced security solutions help businesses and public agencies minimize disruption and maintain business continuity by strengthening their security strategy and operations across every level of an organization. This means intelligence-led solutions supported by an integrated and collaborative approach to cyber security challenges – all delivered to the highest security standards. This enables organizations to adopt a security model that retains the elasticity necessary to operate in the current conditions and offers security without hindering business growth.
Notes to editors
1 The global survey was carried out in September 2020 by Longitude / Financial Times on behalf of Fujitsu.
1 The global survey was carried out in September 2020 by Longitude / Financial Times on behalf of Fujitsu.
Online resources
- Read the Fujitsu blog: https://blog.global.fujitsu.com/
- Follow Fujitsu on Twitter: http://www.twitter.com/Fujitsu_Global
- Follow us on LinkedIn: http://www.linkedin.com/company/fujitsu
- Find Fujitsu on Facebook: http://www.facebook.com/FujitsuICT
- Fujitsu pictures and media server: http://mediaportal.ts.fujitsu.com/pages/portal.php
- For regular news updates, bookmark the Fujitsu newsroom: https://www.fujitsu.com/emeia/about/resources/news/newsroom.html
About Fujitsu
Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products, solutions and services. Approximately 130,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.9 trillion yen (US$35 billion) for the fiscal year ended March 31, 2020. For more information, please see www.fujitsu.com.Public Relations
International Corporate Communications
E-mail: public.relations@fujitsu.com
All other company or product names mentioned herein are trademarks or registered trademarks of their respective owners. Information provided in this press release is accurate at time of publication and is subject to change without advance notice.
Date: April 14, 2021
City: Munich
