Globally, cyber-attacks are not a new occurrence. But what is worrying is that their frequency and complexity continue to increase, so much so that cyber-threat is now considered one of the most serious economic and global security challenges. Thus, cyber-attacks are becoming a part of daily life with the fast expansion of cybernetic domain, but navigating before, during and after an attack is far from being anything routine.
Cybersecurity is much more than an Information Technology (IT) problem. Strategic communication across entire organisations is necessary to successfully navigate cyber-malice. In Bangladesh, while organisations are taking a lot of initiatives on rapid digital transformation, the exposure to a potentially existential threat on an ever-expanding cyber-battlefield has increased a lot. Moreover, as an impact of Covid-19, cybersecurity became a top technology priority for a planned digital transformation.
With the increased use of digital technology, data have become most important asset for businesses and it is growing in value and volume. Businesses are not in a position to accept any technology disruption--lest this should cause financial loss and reputational damage. But businesses are not free from cyber-attacks. In fact, the number of cyber-attacks has not been reduced, rather it increased and is coming up with new dimensions. Cyber-attacks are now a big challenge for digital transformation.
A top-down strategy is essential for cyber- security to provide adequate protection to information assets in any environment. Building a culture of cybersecurity throughout the organization, maintaining secure systems and continuous monitoring, is essential for safeguarding the systems and data.
Cyber-security awareness is important for all. When an organisation's employees are cyber-security aware, it means they understand what cyber-threats are, the potential impact a cyber-attack will have on their business, and the steps required to reduce risk and prevent cyber-crime from infiltrating their online workspace.
With widespread influence, it is imperative that cybersecurity has an internal voice in the form of communications representation, ensuring policies, procedures, and relevant breaking-news items are universally and regularly communicated. Dedicating some portion of communications personnel time to the security team can drive global awareness of programmes and initiatives critical to the safety of the organisation, thereby increasing programmatic success.
Communication is extremely important for converting the technical information produced by security teams into something meaningful that others in the organisation can understand. It is an extremely important skill that all security professionals should strive to develop. Presenting information in the right way can help convey the intricacies of the cyber world and the technical aspects of the dynamic nature of cyber-threats and the information environment itself. It is now more important than ever that security professionals can communicate effectively with employees and business stakeholders at all levels.
Cybersecurity staffing expert Diedre Diamond says, "One must be able to communicate, problem-solve and work in teams. No matter how technical somebody is, if they can't communicate in a team atmosphere, they won't be successful in a long term." With cyber professionals no longer operating in a vacuum, they need the ability to communicate to clients, colleagues, and seniors at the C-suite level in order to offer value.
Cyber-attacks are undoubtedly becoming increasingly prevalent, making it highly probable that most cyber teams will face some form of cyber-crisis if they have not already. A cyber-crisis demands clarity of communication. Quick and direct communication is necessary for coordinating an effective response plan. It is the job of cyber professionals involved to lead and coordinate activities in the event of a cyber-crisis. This typically involves working with a dedicated crisis-response team, which includes employees company-wide. So, again, cyber professionals must be fluent in translating technical and communicating clearly.
Cybersecurity is now considered a board-level issue, with many calling for top management success linked to the success of a business' cyber-security measures. These issues are linked to every level of an organisation's operations and, as such, clear communication is needed with the boardroom - right to the very top.
Despite all the technologies and systems in the security domain, employees are still on the frontline of cyber-defence. Many of them may be completely unaware of the threats posed by things such as social engineering. They need to be educated about the latest threats, and how to avoid or mitigate them. At the moment the advice commonly consists of something along the lines of "don't open attachments" or "don't click on links" in unsolicited emails. But this message is clearly not getting through in many cases. Phishing and even whaling attacks are continuing to rise globally.
Cybersecurity is everyone's job. So, everyone in an organization must understand their responsibility and perform their jobs. If we consider the ICT Security Policy, while employees may sign off on the receipt of the policy handbook upon hire, the number who actually read it commit the contents to memory, and adhere to all of the rules and regulations debatable. Compliance has a lasting impact on organizational safety and security but is reliant on thorough policy knowledge and acceptance. Businesses have started to understand the vulnerabilities that digital technologies open, and they are looking to security professionals to advise them. But their advice will only be heeded if it is clearly understood. A common language can only bridge any gap.
The author is an Information Security and Cyber Digital Transformation Specialist. He can be reached at