Why People Can Be Your Most Important Cyber Defense

Nov. 21, 2023
While technology and good cyber practices can effectively protect a company’s network from attack, employees need regular communication with cybersecurity leaders to be effective.

When the topic is cybersecurity, most attention is paid to the technologies—both hardware and software—that can be deployed to both detect and mitigate cyber-attack threats. Another strategic and no less critical aspect of your company's cyber defense is its people.

The only catch is that they need to be informed of the important role they play. Doing that effectively requires a well-thought-out approach to your cybersecurity communications strategy.

At Rockwell Automation's Automation Fair 2023, a panel discussion focused on this issue and explained how companies can build a human firewall to protect their operations.

Drew Rose, chief security officer and co-founder of Living Security (a provider of training to address cyberthreats), noted that workers don't need to know everything about cybersecurity to be effective. “But they do need to know when to ask for help or raise a red flag,” he said.

"To teach workers how to do this," Rose said, "you need to make your communications about cybersecurity fit who the workers are. For example, if you're speaking to employees who work with automated machines, you should explain what an attack on your business means to the machines they work with."

Internally, Rockwell Automation stresses that cybersecurity is everyone’s business. “Our motto is 'cybersecurity starts with you'," said Paula West, IT marketing and engagement manager at Rockwell Automation. "We also show how the things we teach them about cybersecurity can protect them and their families—not just their workplace."

"The language you use is also important," said Alex Panaretos, director of professional services at Proofpoint (a cybersecurity platform provider). "There's a difference between asking someone to report something and asking them to notify you," she said. "When you ask people to report something, interaction tends to be low. But if you ask for a notification so that someone else can handle it, we've seen engagement increase by 60%."

Up-to-date training

The cyber threat landscape is constantly changing. While the core tenets of good cyber practices will continue to protect a company's systems, workers need regular updates to keep abreast of the latest tactics.

West said Rockwell uses real-world examples to keep employees up to date. "Talk about what's actually happened at your company," she said, "including attacks that were avoided or suspicious activities that have been detected. It's also key to understand the day-to-day realities of different workers' roles and the threats they may face in their work to help tailor your communications with them."

"We've had success with enterprise messaging," said Rose. "Updating teams with this method via short, regular updates can be effective. Move away from those 60-minute training classes every year to a 30-second video every week or two."

Rose added that it can help to talk about how the cyber-attacks they hear about in the news could impact your organization. "Your message has got to be more than: Ransomware is bad," he said.

"Build relationships between employees and your cyber help desk," advised Panaretos. "For decades, cybersecurity has been about technology and processes without recognizing there's a person involved in everything. To build those relationships, it's important for organizations to realize they have neurodiversity and cultural differences in their workforce."

"Try to understand why people are doing something," she said. "A loss of focus can be caused by caregiver stress experienced by the worker or other at-home issues. Having this level of interaction creates a human connection," she said. "People need to know they can make a mistake and recover from it. You need open dialogues. A silent organization is a dangerous one."

About the Author

David Greenfield, editor in chief | Director of Content

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. He is also the chief program architect of the annual Automation World Conference & Expo. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 
