Richard Beck | 20 April 2015
The human element of cyber security
I have spent the last two days at 'The Cyber Security Show 2015' in London. One theme in particular stood out – the ‘human element’ of cyber security.
The thing everybody needs to understand is that cyber security is not just a technology issue – it is a people issue.
Increased investment is needed to combat sophisticated attacks
A sophisticated cyber attack can cause major damage, so every company needs to plan its crisis response carefully. There is currently significant underinvestment in cyber incident response and resilience – this trend needs to be reversed. We also need to invest more in deep cyber skills for our security specialists so they are able to combat the growing threats. Cyber security training is now more vital than ever.
51% of the worst security breaches in 2014 were caused by staff
Without adequate training, staff are the biggest security risk. They download files that contain malware, they lend out passwords, and they can even be manipulated to unknowingly provide sensitive information – a tactic known as social engineering.
Even the most advanced security systems can be bypassed if attackers can obtain information such as staff log-in details, so you can’t solely depend on technical solutions for protection.
It is vital to educate staff on cyber threats
By staff we mean everyone, including outside suppliers with access to internal systems. Education cannot be a one-off, tick-box exercise. It must be a continuous process, with comprehensive training for new starters (including temporary staff) and regular refresher sessions for permanent staff.
Although it's apparent that people can be "the issue" when it comes to cyber breaches, they are also the solution to protecting an organisation's most valuable assets. It's an ongoing cycle, whereby everyone needs to be educated and equipped with the armour to detect, deter and defend against a cyber attack.
At The Cyber Security Show, I had the privilege of running a seminar session for attendees. I discussed and focused on the importance of being prepared for potential attacks, destructive trends and, above all, the in-house cyber skills required to build a strong, competent security team.