Overcoming Cyber Attacks: Why an organization’s people are its first line of defense
In partnership with Williams Lea, AXELOS provide some key insights on how companies today can enable their teams to be their greatest defense against cyber-attacks.
Nick Wilding, General Manager at AXELOS leads the Cyber Resilience Best Practice division which puts people at the heart of an organization’s cyber resilience strategy and response, enabling them to effectively recognize, respond to and recover from cyber-attacks.
So, how many times do we read about an embarrassing high-profile cyber-attack? Most weeks right?
How often do we believe these attacks are part of an ongoing battle between high-tech goodies and baddies? Most of the time according to on-going research.
But how often do we hear about the role any one of us can play in helping these attacks succeed? Not very often!
The vast majority of successful cyber-attacks succeed because of people – the unwitting actions of anyone in an organization regardless of their role or responsibility. But do we really understand that it’s our own people, who we see and talk to every day, who can help us most in managing our critical cyber-risks most effectively?
I worry that we don’t care enough or just believe we can make do with providing simple, annual e-learning every year for all our people. It’s not enough!
Ciaran Martin, CEO of the UK’s National Cyber Security Centre, said at the Confederation of British Industry’s (CBI) Annual Cyber Security Conference in September 2017:
“So let’s get serious about understanding the human being in all this. Let’s stop talking nonsense about humans being the weakest link in cyber security… human factors techniques can maximize human performance while ensuring safety and security.”
In this vital area of staff training and development the usual ‘all staff, once a year’ approach, simply does not influence, or sustain long-term behavioral change. At best, it reminds us of some essentials; at worst, it’s treated as a necessary evil, a distraction and something to be completed as quickly as possible.
Multi-layered technology and rewards
I would suggest that we’re at a crossroads in our collective corporate response to the cyber-risks we all face. One – where many will continue to invest in more technology and expect that multiple layers of technical defense will suffice.
Another group – the market leaders, pioneers and innovators but increasingly the ‘just plain sensible’ will change direction and embrace an enterprise-wide approach which uses new methods to engage and openly reward good cyber behaviors, from top to bottom.
Training and security evolving together
A new more collaborative approach is required, where information security and cyber awareness training is conceived of as a continuous, ongoing and sustainable campaign. Just as our technical security controls must constantly evolve and adapt to combat changing cyber threats and vulnerabilities, we should also ensure all of our people maintain their awareness training and are provided with the appropriate, practical guidance on a continual basis that fits the needs and requirements of your organization.
I believe that the opportunity is clear: our people are our most powerful and cost-effective defense against growing cyber-attacks. Ignorance isn’t a defense anymore. The risks and potential impacts are too great.
Start your journey
Six key questions to ask how cyber security aware is your organization:
1. How relevant is the awareness learning you’re providing to all staff?
2. Does everyone who needs awareness learning receive it?
3. How do you know people are engaging with your cyber security learning?
4. Is your awareness learning giving people knowledge they can use?
5. Do you have the right ‘tone from the top’?
6. How do you know your cyber awareness learning and training is effective?
The most cost-effective solution is indeed staring us in the face – all our people represent our greatest defense against cyber-attacks. Let’s work harder to engage them properly in our resilience.
Author: Nick Wilding