Modern Life

Why companies and employees need to work together to fend off cyber threats

Cybercriminals are getting smarter. A new landscape of heightened threats requires employee collaboration to bolster cybersecurity.

By Alex Holland — November 22, 2022

Perhaps unsurprisingly, it pays to be a cybercriminal these days.

For one, it’s a booming industry. Between 2008 and 2021, the FBI recorded a 207% increase in cybercrime reports, with losses hitting almost $7 billion last year. 

Second, it has a low barrier to entry — in fact, it’s dirt cheap. The average price of compromised remote access credentials costs around five dollars, easily purchased on the dark web. Cybercriminals use these credentials to sneak their way into victim enterprise networks. In the report The Evolution of Cybercrime, we found over 75% of advertisements for malware and 91% for exploits are listed for under $10. By comparison, purchasing a popular malware kit in 2009 would have set a cybercriminal back $8,000.

Alex Holland, Senior Malware Analyst at HP

Alex Holland, Senior Malware Analyst at HP

 Third, it’s easier than ever for cybercriminals to work together in an increasingly professional and collaborative underground supply chain. They have carved out niches, offering specialist services such as the leasing of massive botnets to deliver a customer’s malware of choice to thousands of victims, or hackers-for-hire who maximize the damage wreaked from ransomware by extending an intrusion to vulnerable points in a network. The sum of these factors means that employees in distributed workforces around the world are more vulnerable than ever. The blurred lines between personal and corporate devices mean remote employees aren’t always protected by enterprise defenses, increasing the risk of successful attacks. 


RELATED: 7 cybersecurity terms every employee should know


The good news is, it’s within the power of employees to become the first line of defense — but only with teamwork. If cybercrime is a playing field with ever-changing goalposts, the only way to win is by working together to run the best defense possible. 

Anticipating your opponents’ playbook

Cybercriminals abuse our trust in everyday interactions and communications online, especially email, to exploit systems. Through various forms of phishing and social engineering, email is the most popular way cybercriminals gain unauthorized access to networks. Once inside, they typically try to monetize their access — disabling the organization’s backups, stealing sensitive data, and deploying ransomware. The impact of a breach can be severe, costing businesses in operational downtime, remediation, reputation, and loss of intellectual property. Knowing this, organizations and employees must take steps together to shore up their defenses in this heightened-threat environment. 

If cybercrime is a playing field with ever-changing goalposts, the only way to win is by working together to run the best defense possible.

Developing your defensive line 

For employees, this means being aware of the tricks cybercriminals use, not hesitating to report suspicious activity, and, more broadly, understanding the role they play in defending their organization’s “digital castle.” Their employers must support these efforts by encouraging a positive security culture overall where workers are given clear directives to be vigilant about phishing and IP protection, seek out information, share ideas to improve security, and educate colleagues and family members.

For organizations, the focus should be on mastering the basics, practicing resilience, and collaborating to reduce risk. Good “security hygiene” starts with IT asset discovery — after all, you can only defend the devices, software, and systems that you know employees are using. Organizations can then build on this by following best practices in vulnerability management and multifactor authentication, while putting in place the people, processes, and technology to detect, prevent, and recover from attacks. This means planning for the worst-case scenario, implementing processes to limit supply chain and insider risks, and also practicing incident response plans. Just like regular drills or a friendly scrimmage, rehearsing your response to attacks is essential to be better prepared for the real thing, and will also help uncover problems and encourage process improvements. 

Fatchurofi Muhammad

In addition, organizations can maximize the benefit of their security investments by shutting off common attack routes, such as malware delivered by email and the web, which can be neutralized using prevention technologies like the hardware-enforced isolation of HP Sure Click Enterprise. These solutions protect systems not by relying on the detection of malicious activity — an endless game of cat and mouse — but by enabling employees to perform risky day-to-day business activities like opening email attachments safely and protecting IT departments against unknown threats. 

Learn from losses, celebrate wins 

Security is a team sport. Companies can positively reinforce the kinds of behaviors and practices they want to cultivate in employees through active and frequent awareness engagements (think: HP’s recently rolled-out film noir–inspired cybersecurity training for all employees), as well as training tailored to different teams’ needs. This creates a security culture where employees are empowered to manage human risk themselves. Teamwork extends beyond the organization, too. Collaborating with industry peers, measuring your performance through external security assessments, and sharing threat intelligence — these are all needed to see what’s happening on the field right this moment and to stay ahead of the playbooks of attackers, in this season and the next. 


READ MORE: Why home cybersecurity is paramount – now more than ever