This is a common question among business leaders and human resource professionals “Can HR reduce cybersecurity threats?” Today Cyber Security violations have become more targeted and clear. The survey of cybersecurity violations of the government from 2019 shows that in the last 12 months, one of the three Businesses (32%) faced attack, as companies increase their cybersecurity with more sophisticated technology, the attackers are choosing soft targets. Applying human error-dependent attacks, such as phishing (identified by 80% of respondents) and an organization (28%), now crosses the attacks of viruses, spyware or malware (27%). As a result, there may be a loss of data or even a large amount of money. For the past few years’ cyber-attacks have been wreaking havoc, such as WannaCry, Shadow Brokers and Petty, are spending billions of dollars in global economic losses. According to the annual report released by the National Crime Records Bureau (NCRB) in 2016, with 762 cases, Bengaluru had the second-highest number of cybercrime cases among the metros, behind Mumbai with 980 cases. Other metros in the list were far behind, with Hyderabad recording 291 cases, Kolkata 168, Delhi 90 and Chennai 36. From 762 to 5,035, the number of cases has seen a sharp increase in Bengaluru. The increase in Mumbai is not so pronounced. Reporting by whitepaper current state of Cybersecurity 2019 released by RSA Security, Social Media fraud has increased by 43% in 2018. It says the trend will continue in 2019 because of ease using, absence of fees, and multiple other benefits of these platforms like Facebook, Instagram, WhatsApp, Twitter, and other messaging platforms.
From the last same years, Indian organizations have taken the burden of cyber crime, here is the timeline below:
- May 2016: The Indian Railways e-ticketing website IRCTC reported that account details of its users were allegedly compromised.
- August 2016: More than 22,000 pages of sensitive information related to the first Scorpene-class submarine built in India were leaked, putting the Indian Navy and the government in a fix.
- October 2016: More than 3.2 million debit cards of customers of ICICI, YES, SBI, HDFC and Axis banks were compromised.
- May 2017: The food-tech company Zomato suffered a security breach when a hacker by the name of ‘clay’ claimed to have hacked more than 17 million user records and threatened to put them on sale on a popular Dark Web marketplace.
- May 2017: WannaCry stalled operations of several private and public enterprises across many states, including Maharashtra, Gujarat, West Bengal, Odisha, Gujarat, and Delhi NCR.
- June 2017: India was among the top 10 countries that were hardest hit by the Petya attack. The country’s largest container port Jawaharlal Nehru Port (JNPT), near Mumbai, was disrupted for several hours.
- June 2017: A malware attack impacted thousands of broadband modems of the state-owned telecom operator BSNL.
- July 2018: In Kolkata, fraudsters hacked into Canara bank ATM servers and wiped off almost 20 lakh rupees from different bank accounts.
- August 2018: In Mumbai, two men were arrested for involvement in fraudulent activities concerning money transfers from the bank accounts of numerous individuals by getting their SIM card information through illegal means.
- 5 August 2018: In New Delhi, two men arrested who was working with an international gang that uses skimming activities to extract the details of the bank account.
Cyber Security threat solutions are seen as a job for Information Technology departments, but they are unable to catch the line alone as a threat. This has become a company-wide challenge and human resources professionals have an important role in minimizing it. Malware protection and anti-virus software are important, but technology will not be able to stop intruders. Cybersecurity thread is increased rapidly reason given that India is becoming a digital economy and advanced technologies are being adopted by Indian companies rapidly. As the growing number of businesses are online and financial transactions become electronic, Indian websites and users are highly vulnerable to cyber-attacks and data violations. a report that India is the seventh most targeted nation for web application attacks. While cybersecurity in India is still in a nascent stage, organizations have started implementing measures to prevent hazards. From implementing sophisticated IT systems and availing cyber insurance, hiring cybersecurity experts, they are taking every possible step to fight cybercrime.
Human resources professionals need to ensure that the skill of the staff has been updated to include cyber skills. Most have already taken the first step by increasing data protection measures in light of General Data Protection Regulation – and Cyber Security Brake Survey, which has found that awareness about security with regulation has increased – but mainly focuses on data has given. Organizations now need to fully consider cybersecurity.
Here are same step HR teams can reduce Cyber Security threats:
- Co-operate with IT: HR and other departments need to work with IT departments to manage cybersecurity. if possible, every company brings together various elements, including technology and policies and procedures, and ensures that everyone understands their roles and responsibilities.
- Basic skill needs: cybersecurity professionals employed by the organization should be aware of new techniques and cyber hazards emerging every day. They should be equipped with the necessary skills to deal with such situations immediately. While HR professionals do not need to know all the technical details, it will be useful to learn the basics of cybersecurity, HR is to ensure that the organization’s cybersecurity capability and individual cyber skills are assessed at regular intervals. It will ensure that both organizations and cybersecurity forces are ready to respond to the cyberattacks, As per the government’s Cyber Essentials guideline the key principle being that “staff should have just enough access to software, settings, online services, and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them”.
- Recruitment & Training: A company demand for both tech and non-tech cybersecurity professionals. HR has many types of jobs like cybersecurity – security analyst, chief information security officer, intrusion detection specialist, incident responder, information risk auditors, vulnerability assessor and so forth. Only then can HR create accurate job descriptions and identify the right fit.
- Staff Training: To make all employees aware of security and data protection rules, policies and procedures, there should be any type of cybersecurity training, as well as avoiding any particular threat to them. Cybersecurity training should be part of the onboarding process, but in any case, employees are required to receive regular updates.
- Hiring Ethical Hackers: Today, many organizations employ ethical hackers to analyze the hidden vulnerabilities in the organization’s security system. these hackers hack the internal system with the permission of the company. However, if the appointment of ethical hackers goes wrong, it can have serious adverse effects on the organization. so, HR recruitment and expiration date, non-disclosure agreements, and communication protocols are the responsibility of deciding terms of engagement.