Beyond the pandemic, the Great Resignation, and your competitors, there is an even bigger threat looming on the horizon. Cybercrime is the disruptor of all disruptors, and no individual or organization is immune.
If cybercrime was measured as a country, it would be the world's third-largest economy after the US and China, according to new research from the Cybersecurity Almanac 2022. Cybercrime inflicted damages totaling an estimated $6 trillion USD globally in 2021. And in a recent KPMG survey of 500 CEOs, 18 percent said that cybersecurity risk would be the biggest threat to their organization's growth through 2024 -- up from 10 percent last year.
Citigroup (then Citicorp) appointed the world's first Chief Information Security Officer (CISO) in 1994 after sufferings a series of cyberattacks from Russian hackers. Today, almost half of organizations employ a CISO. Gartner predicts that 40 percent of company boards will have a dedicated cybersecurity committee by 2025, also noting that by 2024, 75 percent of CEOs will be personally liable for cyber-physical security incidents.
Hameed Saeed, CEO of the leading cybersecurity provider Pango Group, sat down with Karen Mangia, WSJ bestselling author and Salesforce VP of Customer and Market Insights, to share steps both individuals and organizations can take to protect their information and to prepare for a breach.
Karen Mangia (KM): How did you get interested in cybersecurity?
Hameed Saeed (HS): I'm an innately curious person. As a kid, I loved to solve riddles and math problems. Now, I love to solve complex strategic and operational problems. Whether that's helping companies figure out how to grow or figuring out how something works, discovery is my fuel. Curiosity, when combined with a structured, data-driven approach, makes problem solving possible. And there's no shortage of problems to solve in the cybersecurity and identity protection space!
KM: Immersing yourself in the world of hackers and cybercriminals seems like it could be disheartening at times. How do you stay positive considering the issues you're exposed to on a daily basis?
HS: Staying positive about the cybersecurity is based on your perspective. Rather than focusing on someone's ill intention, I focus on the people I'm helping with my problem-solving skills and with the solutions we provide. No one wants to be the person whose credit card -- or worse -- is compromised or the CXO who makes headlines for a major security breach. I view my vocation as an opportunity to help protect people from malicious activities and to create choices when the inevitable breeches occur.
Here's a video of five things every company needs to know about data privacy and cybersecurity.
KM: Global spending on security awareness training for employees, previously one of the most underspent cybersecurity budget items, is predicted to reach $10 billion by 2027, according to Cybersecurity Ventures. Does this surprise you?
HS: I'm not surprised. The reality is that employees are the first line of defense against most cyberattacks. The more that employees can be trained to be aware of what to look for, the types of links and attachments to avoid, the better. Especially as employees continue to work from home and work from anywhere. Every employee needs to know how to protect themselves, their data, their organization's data and how to spot cyber-attacks. Employees also need to know how to report suspicious activity or a possible breach. The reality is that cyberattacks are expensive, and I believe investing in employee education is money well spent. The impact of a single human error can be quite costly -- not to mention embarrassing.
KM: How much do you recommend organizations allocate to security and to security education?
HS: There's not a hard and fast rule. Organizations often believe security comes at a high cost. And that's not entirely true. Going back to what we were just discussing, well-educated employees and encouraging security-conscious behaviors among employees, like using a VPN or pausing before you click, are incredibly effective and affordable. You can protect yourself without hiring a huge security staff. Also, keep your systems patched and up to date. Consistency is key.
KM: What are some steps every organization can take to become more secure?
HS: Focus on educating employees first. I can't reinforce this enough. Continue to refresh your security. Hackers and cybercriminals keep getting smarter and more sophisticated. Help your employees do the same.
Next, recognize that a security breach is not a matter of "if," it's a matter of "when." So be prepared. Regularly refresh your incident response plan and your crisis communication plan. During a breach, it's easy to panic; having a well thought out plan in advance is the best way to contain the panic.
Third, take identity fraud seriously. Hackers rarely stop at compromising an employee's personal details. That information simply starts the domino effect of finding a way into employees' work accounts. Some organizations offer employees identity threat protection programs as a free benefit for this very reason.
Fourth, be aware of how hackers are evolving. SMS messages are an increasingly common way hackers try to trick employees into surrendering their personal information.
And, finally use what I call the principle of least privilege. Reserve access to sensitive data for the fewest number of employees who need that information to complete their day-to-day responsibilities. Regularly revisit which employees have access to which data and why. This is one of the easiest ways to reduce your risk.
Karen Mangia is a WSJ Best Selling author, thought leader, and strategist. A prolific blogger and sought-after media interviewee, she has been featured in Forbes and regularly contributes to Thrive Global, Authority Magazine and ZDNet. Thinkers 360 named her as #9 on their List of Global Thought Leaders and Influencers on Health & Wellness, #12 for Mental Health, and one of the top 150 Women B2B Thought Leaders to Follow. Connect with her on Twitter @karenmangia.