When it comes to guarding against cyber risks, people tend to jump to a technical solution. Don't get me wrong. It is important that the right technology be deployed in the right way to ensure that systems are adequately protected. But when it comes down to it, the human factor is generally more important.
This presents itself in two clear ways:
- Employees are your front-line defense. They are the ones who end up clicking on malicious links, replying to suspect emails or following unauthorised instructions. If they are not given appropriate training, education and awareness, then a key control in combating cyber crime is missed. Ensuring that employees are aware of the risk, know what to do in the event of an incident and, more importantly, know what NOT to do can be key in helping organisations mitigate cyber risk.
- By far the greatest risk posed to organisations comes from the threat within. Survey after survey illustrates that the risks and losses associated with a cyber incident are increased when an insider is involved. Therefore, organisations also need to turn the cyber lens on themselves, ensuring that adequate controls are implemented to help detect, deter and prevent the risk from coming to fruition.
Finally, organisations need to be prepared for the worst and need to know how to respond when an incident occurs. This involves doing real-life tests, as plans rarely go as intended if they are not thoroughly tested.
High-profile cyber-attacks have opened companies' eyes to the scale of the cyber threat, and they are asking themselves how to protect their businesses. For many, the knee-jerk reaction would be to look to technology to bolster defences. In fact, businesses' front-line defence is closer than they think – it starts with their employees. It's eye-opening that our data shows that two-thirds of cyber breaches are caused by employee negligence or malfeasance, including losing laptops, the accidental disclosure of information or actions of rogue employees, compared with just 18% of breaches driven directly by external threats.