When it comes to guarding against cyber risks, people tend to jump to a technical solution.  Don't get me wrong. It is important that the right technology be deployed in the right way to ensure that systems are adequately protected.  But when it comes down to it, the human factor is generally more important.

This presents itself in two clear ways:

  1. Employees are your front-line defense.  They are the ones who end up clicking on malicious links, replying to suspect emails or following unauthorised instructions.  If they are not given appropriate training, education and awareness, then a key control for combating cyber crime is missed.  Ensuring that employees are aware of the risk, know what to do in the event of an incident and, more importantly, know what NOT to do can be key in helping organisations mitigate cyber risk.
  2. By far the greatest risk posed to organisations comes from the threat within.  Survey after survey illustrates that the risks and losses associated with a cyber incident are increased when an insider is involved.  Therefore, organisations also need to turn the cyber lens on themselves, ensuring that adequate controls are implemented to help detect, deter and prevent the risk from coming to fruition.

3. Finally, organisations need to be prepared for the worst and need to know how to respond when an incident occurs.  This involves doing real-life tests, as plans rarely go as intended if they are not thoroughly tested.