Overcoming Cyber Attacks: Why an organization’s people are its first line of defense

March 28, 2019

In partnership with Williams Lea, AXELOS provide some key insights on how companies today can enable their teams to be their greatest defense against cyber-attacks.

Nick Wilding, General Manager at AXELOS, leads the Cyber Resilience Best Practice division, which puts people at the heart of an organization’s cyber resilience strategy and response, enabling them to effectively recognize, respond to and recover from cyber-attacks.

So, how many times do we read about an embarrassing high-profile cyber-attack? Most weeks, right?

How often do we believe these attacks are part of an ongoing battle between high-tech goodies and baddies? Most of the time, according to ongoing research.

But how often do we hear about the role any one of us can play in helping these attacks succeed? Not very often!

The vast majority of successful cyber-attacks succeed because of people – the unwitting actions of anyone in an organization, regardless of their role or responsibility. But do we really understand that it’s our own people, who we see and talk to every day, who can help us most in managing our critical cyber-risks effectively?

I worry that we don’t care enough, or just believe we can make do with providing simple annual e-learning for all our people. It’s not enough!

Ciaran Martin, CEO of the UK’s National Cyber Security Centre, said at the Confederation of British Industry’s (CBI) Annual Cyber Security Conference in September 2017:

“So let’s get serious about understanding the human being in all this. Let’s stop talking nonsense about humans being the weakest link in cyber security… human factors techniques can maximize human performance while ensuring safety and security.”

In this vital area of staff training and development, the usual ‘all staff, once a year’ approach simply does not influence or sustain long-term behavioral change. At best, it reminds us of some essentials; at worst, it’s treated as a necessary evil, a distraction and something to be completed as quickly as possible.

Multi-layered technology and rewards

I would suggest that we’re at a crossroads in our collective corporate response to the cyber-risks we all face. On one path, many will continue to invest in more technology and expect that multiple layers of technical defense will suffice.

Another group – the market leaders, pioneers and innovators, but increasingly the ‘just plain sensible’ – will change direction and embrace an enterprise-wide approach which uses new methods to engage and openly reward good cyber behaviors, from top to bottom.

Training and security evolving together

A new, more collaborative approach is required, where information security and cyber awareness training is conceived of as a continuous, ongoing and sustainable campaign. Just as our technical security controls must constantly evolve and adapt to combat changing cyber threats and vulnerabilities, we should also ensure all of our people maintain their awareness training and are provided with appropriate, practical guidance on a continual basis that fits the needs and requirements of the organization.

I believe that the opportunity is clear: our people are our most powerful and cost-effective defense against growing cyber-attacks. Ignorance isn’t a defense anymore. The risks and potential impacts are too great.

Start your journey

Six key questions to ask about how cyber security aware your organization is:

1. How relevant is the awareness learning you’re providing to all staff?
2. Does everyone who needs awareness learning receive it?
3. How do you know people are engaging with your cyber security learning?
4. Is your awareness learning giving people knowledge they can use?
5. Do you have the right ‘tone from the top’?
6. How do you know your cyber awareness learning and training is effective?

The most cost-effective solution is indeed staring us in the face – all our people represent our greatest defense against cyber-attacks. Let’s work harder to engage them properly in our resilience.

Author: Nick Wilding
