Regarding the June 24 editorial “Don’t give hackers what they want”:
The focus should be on preventing the hacking from taking place. That focus needs to begin at the employee level. Today, employees are doing more work and are under pressure to perform in a more complex environment. Research shows that 88 percent of employees don’t know or understand their organization’s security policies or rules, 46 percent of information-technology-related security incidents are caused by employees, and almost 40 percent of businesses said their employees hide IT security incidents to avoid punishment.
The focus should be on training employees to recognize the cyberthreat and follow the security policies of the organization. These security policies should help develop a positive, non-punitive cybersecurity culture that is based on education and understanding of the threat and the role an employee plays in that culture. The goal of every organization should be to achieve “cyber resilience” that brings together the capabilities of cybersecurity, business continuity, enterprise resilience and informed employees.
It all starts with good training programs to help employees prevent hacking, and then ransomware becomes a nonissue.
Eli Dabich, Annapolis
Read more letters to the editor.