To stay ahead of cyber threats, employees need regular training sessions.
By Nick Fortuna
Amid mounting cybersecurity threats, well-trained employees can be a key component of a robust defense system. But without regular training sessions, those same employees can become a major liability, providing juicy targets for sophisticated cyberattacks, according to Theresa Payton, a featured speaker at this year’s MHEDA Convention.
Payton, a former White House chief information officer, said employee training is essential for building a “strong cybersecurity posture,” but companies often approach training in the wrong way. IT departments send out simulated phishing emails to “catch” employees who fall for the scams, then “punish or shame them for their mistakes,” she said.
“This approach sets up a culture of fear and discourages openness, which can actually hinder the development of a security-conscious workforce,” Payton said.
Payton, the founder and chief executive of the Charlotte, North Carolina-based cybersecurity firm Fortalice Solutions, spoke at MHEDA’s Convention about the importance of “investing in both technology and people” to safeguard operations.
Payton said companies should focus on creating “engaging, ongoing training that fosters a culture of reporting, learning and openness.” Rather than trying to catch workers who make mistakes, companies should incentivize them for positive behavior, such as reporting suspicious activity to supervisors and demonstrating good cybersecurity habits.
“This way, employees feel empowered to act as the first line of defense rather than feeling like they’re being set up for failure,” Payton said. “By fostering an environment where employees are comfortable reporting issues and discussing potential risks, organizations can create a more proactive and resilient security posture. This cultural shift will help ensure that security remains top of mind, not just during training sessions but every day.”
Training should be interactive to promote the retention of information, and it should be specific to each employee’s role at the company, covering the real-world scenarios that they’re likely to encounter. That includes well-established tactics such as ransomware, phishing and internal bad actors as well as emerging threats such as realistic-looking deep fakes.
Using voice and video cloning, cybercriminals can convincingly impersonate company executives or create fake identities to trick employees into divulging sensitive information such as login credentials, Payton said. Since cybercriminals are always refining their tactics and embracing new technologies, training should be part of the on-boarding process and “reinforced regularly” throughout an employee’s tenure, she said.
“It’s not enough to just make them aware of the risks,” Payton said. “We need to give them the tools to recognize threats and take the right actions when they see something suspicious. Cybersecurity should also be woven into the fabric of the company culture, making it a continuous, evolving conversation.”
Practice the Fundamentals
Small- and mid-sized businesses often face the challenge of balancing cybersecurity risks against their limited resources, so they should start by “focusing on the basics,” Payton said.
That includes practicing a “digital disaster” in which the company loses access to its computers and data. Companies should have a comprehensive incident response plan that includes accessing data backups to reestablish operations and contacting vendors and customers to alert them to the breach.
Payton said a key best practice is to follow guidance from the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce. The NIST’s Cybersecurity Framework, available on the agency’s website, details the five pillars of organizational readiness – identify, protect, detect, respond and recover – providing a structured approach to managing incidents.
“The key is to define clear roles and responsibilities in advance, establish communication protocols and develop a detailed step-by-step process for identifying, containing, eradicating and recovering from an incident,” Payton said. “Regularly testing and updating the plan through tabletop exercises ensures that everyone knows their role and can respond swiftly when an attack occurs. Additionally, having a post incident review process will allow for continuous improvement of the incident response plan.”
Implementing multi-factor authentication for critical systems might feel costly or cumbersome, but it’s a highly effective security measure, she added.
“It’s also important to prioritize risk, understanding which assets are most critical and focusing efforts on protecting them first,” Payton said. “Cybersecurity doesn’t have to be prohibitively expensive. It’s about prioritizing the right measures and building security into your operations from the start.”
A Target-rich Environment
Material-handling companies are facing new cybersecurity challenges as the industry integrates more automated systems and Internet of Things (IoT) technology into operations, Payton said. These devices significantly expand the “attack surface” for cybercriminals by increasing the number of interconnected devices that can be targeted.
Complicating matters, many IoT devices lack robust security protocols, making them vulnerable entry points for attackers, she said. In a simple example, cybercriminals could exploit a vulnerability in automated equipment within a warehouse, gaining access to sensitive control systems that could paralyze operations or manipulate the management of inventory.
“The greater the reliance on these systems in critical infrastructure, the higher the risk of cyberattacks that could disrupt not just operations but the entire supply chain,” Payton said. “To mitigate these risks, companies must adopt a proactive, security-by design approach for all new automated systems and IoT devices.”
That comprehensive approach includes four main components, according to Payton:
- Secure device design: ensuring that devices have built-in security features such as strong authentication and encryption.
- Network segmentation: isolating IoT devices and automated systems from the rest of the IT network to contain potential breaches.
- Continuous monitoring: implementing monitoring systems to detect anomalies in real time and respond swiftly to any security incidents.
- Regular vulnerability testing and patching: establishing a routine for testing automated systems and IoT devices for vulnerabilities and applying security patches.
“As these innovations become more deeply embedded in operations, businesses must evolve their cybersecurity strategies to stay ahead of increasingly sophisticated threats,” Payton said. “Looking into the future, the risks tied to IoT and automation will only become more pronounced.”
Cybersecurity experts fear that widespread use of industrial robots could lead to gridlock in the event of a major cyberattack that spreads among businesses, Payton said. She noted that the market for industrial robots is expected to hit $39 billion next year, with robots driving 24/7 operations across factories, warehouses and retail operations.
Driven by artificial intelligence, automation promises to reduce human error and promote safety and productivity, but cybercriminals surely will target these robots’ operating systems, Payton said. Production could be brought to a halt abruptly, or even worse, robots could be reprogrammed to produce defective goods, damage infrastructure or injure workers.
If companies are infiltrated by cybercriminals and don’t pay ransom, they could suffer significant financial and reputational damage, Payton said.
Highlighting another risk, she said cybercriminals are targeting IoT devices to mine cryptocurrency surreptitiously. Hackers can embed mining software into device firmware or apps, siphoning off power and computing resources from operations. This “shadow mining” silently drains energy, degrades performance and increases operational costs. Victims may notice rising energy bills or device slowdowns but fail to recognize the hidden mining activity, Payton said.
That vulnerability illustrates the need for manufacturers to equip IoT devices with end-to-end encryption, AI-driven anomaly detection and advanced patching protocols. Meanwhile, businesses should deploy firewalls and network-traffic monitoring tools to block malicious activity and prevent stealth mining.
“By embracing advanced technologies such as AI-driven threat prediction and zero-trust architectures, and remaining proactive in testing, patching and monitoring systems, material-handling companies can confidently navigate the evolving cybersecurity terrain,” Payton said.
Article Takeaways
1. Make Training Ongoing and Positive. Regular, engaging training builds a security-minded culture without fear or blame.
2. Focus on the Basics. Use simple, proven practices like multi-factor authentication, password policies and incident response plans.
3. Secure Automation and IoT. Protect connected devices with strong design, monitoring and regular updates to prevent attacks.
