Kaspersky shares insights on human-centric cybersecurity in a Singapore forum

Global cybersecurity company, Kaspersky, organised a special forum on "Human-Centric Cybersecurity" with Division Zero (Div0), an established cybersecurity community in Singapore, last July.

During the forum, Kaspersky shared the key findings of its latest studies on the "human factor" concept and how it influences all facets of cybersecurity.

Evgeniya Russkikh, Head of Academic Affairs and Cybersecurity Education at Kaspersky, kicked-start the conversation by presenting an overview of the security level that is needed for companies to become prepared and resilient, based on comprehensive interviews with 1,260 IT and IT engineers from 19 countries.

Referencing Kaspersky's recent research, "Redefining the Human Factor in Cybersecurity", she shared the following results:

• 77% of companies experienced at least one cyber incident in the past two years.
• 26% of all cyber incidents in the past two years were caused by employees' intentional information security policies violations.
• 14% of cyber incidents are due to senior IT security staff errors.
• 18% of respondents report that the incidents in their companies are attributed to skills shortages in cybersecurity.

Moreover, Evgeniya presented interesting statistics from another Kaspersky study, "The portrait of modern information security professional," conducted with 1,012 InfoSec professionals in 29 countries. Zooming in on the skills gap in cybersecurity, here are the note-worthy findings from the research:

• 41% of InfoSec professionals say their organization's cyber security teams are "somewhat" or "significantly understaffed".
• The most considerable staff shortage of cybersecurity workers is revealed in Russia, followed by Latin America, APAC and META.
• The least understaffed regions are Europe and North America.
• Information security research and malware analysis are the most understaffed roles globally (39%).
• The biggest challenges to find and employ the right InfoSec professional are the discrepancy between certification and practical skills (52%) and lack of experience (49%).
• Almost half (48%) of InfoSec professionals claim it takes more than six months to fill an information security position.

From these findings, one may conclude that there is:

• A continued and growing demand for cybersecurity professionals, and there will not be enough supply in the upcoming years;
• A need for upskilling and reskilling programmes, aside from improving bachelor or master's degrees in universities;
• An increasing necessity for teaching cyber hygiene skills regardless of academic specialisation; and
• A need for a wider yet more in-depth conversation on how diverse cybersecurity is as a profession.

Still, within the same premise that the human factor is critical in cybersecurity, a separate research was shared during the forum. Assoc. Prof. Dr. Jiow Hee Jhee from the Singapore Institute of Technology (SIT), presented the findings of the white paper he co-authored with Trishia Octaviano, Academic Affairs Manager for Asia-Pacific at Kaspersky.

Through the Protection Motivation Theory, Dr. Jiow's session aimed to understand better the factors influencing individuals' behaviours towards certain cybersecurity issues, particularly connecting to a secure internet connection, dealing with suspicious links and attachments, and adopting strong passwords.

Based on the results of the white paper, "Learning cybersecurity: What motivates individuals to practice online safety?", the following conclusions are derived:

• Individuals' assessment of their own capacity to respond and protect themselves from a cyber threat is a key factor when deciding to comply with cybersecurity practices.
• Their evaluation of how these recommended practices can mitigate a cyber risk or reduce a possible online harm is equally important.
• Aside from appraising the coping resources available to them to manage and overcome cyber threats, they also require an understanding of the consequences that may arise from these threats.
•  

Based on these observed patterns of their online behaviours, one can infer that positive messaging incorporated in cybersecurity awareness campaigns can significantly influence behaviour change.