... critical for effective CYBERSECURITY
The prevailing perception of Cybersecurity is that it’s the IT Department’s problem. Rows of IT geeks sitting in front of screens doing arcane and mysterious things with technology to keep the hackers at bay. But while the IT Department and technology have a vital role to play in protecting against Cyber threats, reliance on them alone is almost certain to be inadequate. After all, it only takes one email containing a bogus link to get through the defences, and then the question is whether someone clicks on it. And users are much more likely to click on the link if they haven’t been made aware of what to look out for.
In fact, evidence suggests that at least two-thirds, and possibly as many as 90 per cent, of all Cyber breaches involve some form of human action, error or omission on the part of employees or other insiders. Sometimes these acts are deliberate, for example by disaffected employees or those who may be leaving, but mostly they are innocent and inadvertent. Most of us have at best only a partial appreciation of what to do and what to look out for in avoiding Cyber risks, and easily fall prey to the hackers’ wiles. This in turn reflects the prevailing perception of Cybersecurity as a technology problem for the IT Department to worry about, because if technology is the solution, then why should there be any need for organizations to put time and resource into educating their employees about good Cyber practices and hygiene? And research shows that many, probably most, organizations are following this logic: for example, in a 2018 survey by PWC of 9500 executives across 122 countries, only 34% said that their company had an employee security awareness training programme; and the UK Government’s 2018 Cyber Security Breaches survey found that only a fifth of businesses and 15% of charities had had any staff attend cyber security training in the previous 12 months.
Moreover, it’s clear that existing approaches to Cybersecurity are proving inadequate to meet the threat being faced – Accenture’s 2019 Cost of Cybercrime study reported an 11% increase in the number of Cyber breaches between 2017 and 2018, as well as a 12% increase in the average cost of each breach. And this trend is likely to continue, until everyone’s understanding of the threats, and how best to guard against them, is vastly improved. Which comes back to education and awareness. But according to the Accenture study, ‘Training employees to think and act with security in mind is the most underfunded activity in cybersecurity budgets’.