Companies must build a “human firewall” to combat internet-related security issues, as cybersecurity is also a people, and not just a technology, issue.

“People are our first line of defense. It is best to upskill their competence and capabilities on cybersecurity and help them reduce the risk of security breaches,” said Mhycke C. Gallego, Advisory Practice Leader of P&A Grant Thornton, one of the country’s leading audit and professional services firms.

In an increasingly digital world, making employees vigilant against real-life cybersecurity attacks demands more than just complying with information, technology and cyber security training requirements.

To strengthen the human firewall, the organization should undergo a change management process “so people will be able to manage the shift brought about by digitalization, as well as understand its impact to the overall IT governance process,” said Gallego, a certified risk and information systems control (CRISC) and risk management assurance (CRMA) professional.

To enable firms to influence employee behavior and reduce information, technology and cyber security risk at every level of the organization, P&A Grant Thornton introduced Vigil@nt Cybersecurity, an online service platform that helps businesses and organizations design, implement, and monitor their internal cybersecurity awareness and training programs.

The company drew on its own years of experience in running information, technology, and cyber security learning and development sessions for its employees to come up with Vigil@nt Cybersecurity and offer it to clients and partner-organizations.

“At P&A Grant Thornton, we are exposed to having conversations with our clients’ board of directors, senior management, and those in operations as part of our regular work. This enables us to understand their needs at various levels and customize the delivery of cybersecurity learning programs,” said Gallego.

While P&A Grant Thornton is known more for its role as an auditor and business adviser, Gallego said it also conducts information, technology, and security audits to clients. “We have also been providing vulnerability assessments, penetration testing, and technology security assessment and other reviews to our clients. This enables us to bring our wealth of experience, as well as tap from resources within Grant Thornton’s global network, in our interaction with clients.”

Through Vigil@nt Cybersecurity, organizations and enterprises receive up-to-date and relevant cybersecurity awareness content delivered through an online learning and phishing-simulation platform that makes learning more fun, interactive and effective. In designing cybersecurity learning and development sessions, P&A Grant Thornton considers the readiness of the client’s organizational structure (e.g., if a separate cybersecurity unit is present within the company), its risk assessment protocols (i.e., identifying areas exposed to cybersecurity and people who hold critical information) and focus on areas that are critical, and identifies appropriate control activities (business, fraud, technology) and learning intervention.

In the Philippines, Gallego said there is still a gap in promoting cybersecurity awareness. “More matured and technology-enabled companies have more advanced cybersecurity awareness programs. On the other hand, small and medium-scale enterprises, considered the economy’s backbone, may be less aware and their existing processes are perhaps more prone to cybersecurity challenges.”

 

As published in BusinessMirror, dated 31 August 2021