An alarming number of cyber security reports are surfacing, showing how unprepared private and public sector organisations are to handle the current level of security threat.
A new Commons report just this month revealed that the UK is more vulnerable to cyber attacks than ever before. But it’s not just the threat from the outside that leaders need to prepare for – enterprise boards are unprepared and fraught with disagreements and inconsistencies when it comes to who is actually in charge of responding to a breach.
While there’s no doubt that businesses need to adopt the right technology to mitigate security risks, this is only one piece of the jigsaw. Leaders must wake up to the reality that employees are an organisation’s most effective firewall.
Why building a cyber-security culture should be the foundation of a defence strategy
An organisation’s security culture is the foundation stone of a successful data security programme. It is paramount to embed security values into an institution’s culture, and for action to replace rhetoric. An engaged workforce is more likely to feel accountable and take responsibility for security issues – a key tactic in the fight against security challenges.
The reality is that humans are the weakest links in any organisation and while computers will do as we programme them to, humans do not, which makes the need for a security framework even more crucial. According to Verizon, human error is the root cause of close to one-in-five data breaches and while almost three quarters of attacks are perpetrated from outside an organisation, more than a quarter involve insiders.
How to upskill on cybersecurity and why it is important to invest, now
An organisation’s security culture requires ongoing attention. When security culture is sustainable, it will transform security from a one-time event into a way of working that will forever generate a return to a business. There must be a focus on continued awareness and organisations should commit to regular training and development sessions for their people across all areas of the business to boost confidence and performance.
Employees are often pinpointed as targets to obtain data, which makes the need to educate colleagues on cybersecurity all the more important. Awareness of what an early “phishing” attempt looks like, for example, could prevent a fatal business attack.
The security risks that come with new technology
At its heart, IoT is concerned with collecting, analysing and using data. It offers the potential for a global view across the whole of an organisation, with unprecedented insight into customer behaviours, business operations, working habits and more. While it’s easy to see why businesses are excited by this prospect, access to data on this scale can also present major risks. Infinite new connections between devices are potentially leaving the back door open to hackers and, as well as an increased chance of security breaches, more applications also mean an increased potential for damage in the event of a breach.
Combining new technology with legacy infrastructures can be a tall order and – without the right strategy in place – can create problems that are difficult to repair. Cyber-attacks have become so sophisticated that no business is immune, regardless of their size. Businesses must open their eyes to this reality and recognise the value of putting employees at the front line of their defence strategy.
By Iain Shearman, Managing Director, KCOM NNS
KCOM is one of the UK’s oldest communications services companies, dating back to 1904. We’ve always been proud of being different. Our founders were pioneers and innovators in the field of telephony and today we emulate their spirit by helping our customers harness the power of technology.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/