Example essay

GUEST TRIAL: Shockwaves from mental illness have started to exacerbate cybersecurity exposures

Mental health at work is changing. Even before the COVID-19 pandemic, which caused feelings of loneliness and isolation to increase, the mental health of workers was under pressure.

Related: Capital One hacker exhibited “erratic behavior”

According to a recent workforce health survey, 40% of workers have experienced mental health issues in the past year, double the previous year. We are in the midst of a mental health crisis in the workplace that affects individual employees and entire companies.

While it is evident that people are not getting the mental health care they need and deserve, and that we need to do better as a nation, there is one overlooked aspect of this crisis that is affecting businesses. .

The vulnerabilities and challenges associated with the deterioration of the mental health of workers lead to increased cybersecurity risks, especially insider threats.

Cyber ​​risks to mental health

Many organizations categorize employee mental health and a human resource concern, but a growing body of evidence shows that the effects of mental health run much deeper. The decline in mental health in the workplace affects cybersecurity in a number of ways. When an employee is struggling, they can reach a tipping point and become an insider threat. According to Verizon, 22% of all security incidents involve insiders.

A common belief is that insider threats are all perpetrated by evil individuals, but many arise unintentionally by loyal employees who may make an innocent mistake if distracted, especially due to mental health issues. Any mental health issue can derail an individual’s attention and limit informed decision-making.

An employee could forget about the security protocol and download and adopt an unauthorized SaaS platform. These platforms could lack the vital security protection needed to keep internal business information safe, leaving internal data vulnerable.

Another example that has become more prominent in a world of remote working from home is an individual forgetting to use the company’s VPN or connecting to an unsecured WIFI. Both can unintentionally expose critical data and leave a business vulnerable to an outside threat.


Social engineering incidents are also on the rise. We’ve almost all seen phishing emails in our inbox at some point. Phishers pose as trusted organizations to try and get you to click on malicious links and disclose private information.

Most that we have received in the past seem woefully bogus, but these organizations are getting more and more sophisticated as our public data becomes more accessible. These advancements, coupled with a mentally challenged employee, could result in an accidental click or worse.

Besides unintentional insider threats which are affected by mental health, intentional threats are also on the increase due to deteriorating health of employees. These threats can take many forms, from downloading and sharing confidential information to providing cybercriminals with knowledge of how to access a system or where to find sensitive data. When aided by an insider, an outside attack often goes unnoticed for an extended period of time, causing significant damage and financial loss.

Whenever a system is vulnerable, it becomes an opportunity for cyber criminals and other malicious actors to infiltrate the system, causing a cybersecurity nightmare.

Greater leadership challenges

A few years ago when we at Shasta Ventures, invested in cybersecurity, I realized that to truly understand the problem and industry trends, I had to speak regularly to the people who keep the best companies safe. We have created a group of around 50 CISOs in major global organizations to meet and discuss the threats businesses face and the technology needed to keep our organizations secure.

A key point to remember is that increasing cybersecurity threats are no longer just the responsibility of an CISO. The entire management team must have a deep understanding of the risks and vulnerabilities that their team’s actions can cause.

Mental health must be monitored and be a priority for all leaders. As the first line of defense, it is essential that security officials understand user behavior and have the tools to detect unusual, suspicious or illegal activity, which are essential to detect early indicators of a problem. violation.

Regularly coaching employees on security best practices and cybersecurity habits is a must for the modern organization. Evolve beyond boring recurring safety training to a program that regularly monitors team thoughts and actions and reminds them of proper protocol. An organization can’t tell an employee the rules upon on-boarding and expect them to remember everything five years later without constant updates and reminders.

To protect against growing insider threats, security must go beyond investing in external networks and applications. More investment is needed in the security of internal networks, in particular to secure the traffic passing from one internal machine to another. Security officials need to understand vulnerabilities and integrate more east-west intelligence using AI. This will help to assess whether certain employees need to access a database or a system.

More investment should also be made in data exfiltration tools and data exfiltration prevention, and the investment should cover modern tools and processes such as conversations on Zoom or sharing information on Evernote.

Employee mental health is, and will continue to be, at the forefront of creating healthy work environments. We need to take action to support our workforce, while securing our business assets.

About the essayist: Nitin Chopra is Managing Director of Shasta Ventures. He is passionate about enterprise software and invests in infrastructure software and leads Shasta’s security investments.

*** This is a Syndicated Security Bloggers Network blog by The last watchdog written by bacohido. Read the original post on: https://www.lastwatchdog.com/guest-essay-the-shock-waves-of-mental-illness-have-begun-exacerbating-cybersecurity-exposures/

Source link