Stephen Burke, CEO and founder of Cyber Risk Aware, discusses how businesses can defend themselves against cyber attacks by building a human firewall
2019 was one of the worst years on record for Cyber Attacks – no organisation was safe: From the labour Party to British Airways there was no stopping the cybercriminals who are relentless in their attacks. And the war shows no signs of abating: There has been a massive 54% increase in data breaches and the consequences in many cases are dire. What you read in the press is the tip of the iceberg and leaves many questioning why large corporations like Yahoo, Walmart and Yahoo, with such deep pockets and vast IT and security budgets, can’t protect their networks?
The problem doesn’t lie with technology. Corporations are spending, necessarily, vast sums on the right technical infrastructure solutions and IT companies are innovating to try to keep ahead of the latest attacks. BUT using technology to counter the problem is only one part of the whole solution and many enterprises are now discovering the technology piece only goes so far. It is just one piece of the arsenal that they need to be safe.
A proven fact is that 90% of all breaches are caused by human error and this means that the best technical solutions in the world cannot secure your IT infrastructure alone. Just one absent-minded click on a phishing email can bring down even the most sophisticated and technically robust system. Hard-working IT departments will agree that one of their biggest challenges is the network users. This is where organisations today need to turn that problem into a solution: make their biggest weakness their strength by training and educating their network users in Cyber Security and building the ‘Human Firewall’.
The most common vulnerabilities that are exploited by Cyber Criminals start with Business Email Compromise (BEC) and Email Account Compromise (EAC) where attacks have cost organisations globally more than $26Billion since 2016 (reported by the FBI). The main culprits come in the form of Phishing emails that look like they come from familiar or trusted sources.
Cyber Security Awareness training
The most important step that businesses need to take to address these vulnerabilities is Cyber Security Awareness training. For many organisations this is an afterthought – very much closing the stable door after the horse has bolted – with training only put into place after the company has suffered. Other companies solely train the technical staff as they mistakenly make Cyber Security as the sole responsibility of the IT department and missing the real source of the problem – the employee at the frontline.
Companies need to change their corporate mindset and treat Cyber Security not as an IT problem but as a real business issue. Every employee within any organisation large or small should be Cyber Security trained on how to spot risks and act on them. This should be in your company’s employee handbook and company policies should be adapted to ensure that employees take the threats seriously. They should know the consequences and implications. Additionally, training should be implemented horizontally and vertically. A cybercriminal doesn’t care what level of employee he targets or what department they work within. Every computer, every communications device, is an open door to a criminal and at the moment untrained employees are not only opening the door – they are propping it open and inviting them in.
Taking steps like these creates the foundations of a cyber security-aware culture within an organisation and ultimately the’ Human Firewall’. To maintain this all training needs to be ongoing: Employees come and go and threats change continuously. The holy grail to addressing today’s Cyber threat is through continuous real-time training where the IT department is set up to run simulations of Cyber-attacks randomly across departments and can monitor how the employee responds to a fake attack. The best networks allow for employees to automatically alert the IT department of any strange or suspicious activity with the touch of a button – effectively quarantining an attack.
The Human Firewall
The Human Firewall will keep many businesses alive, protect them from threats and ultimately give them a robust competitive advantage. It is the result of the right combination of education and technical tools. It is the most expedient and efficient protection for any business. All organisations need to recognise and prioritise Cyber Security and assign accountability for their risk. Cyber Security should never be seen as solely an IT issue but as a real business risk.
There should be no excuse: The tools and platforms are readily available and easy to implement and use. They are simple to deploy and at a significantly lower cost than expensive enterprise software solutions. Businesses can overthink security. They need to go back to basics and do them right by focusing on staff as the first line of defence.
Editor's Recommended Articles
Must Read >> Why employees are your biggest cyber security risk