2019 was one of the worst years on record for cyber attacks and breaches*. Over the course of the year there was a massive 54% increase in data breaches* - many with dire consequences.
What you read in the press is the tip of the iceberg when it comes to the fates of global players such as Verizon, Capital One, British Airways and many others, with the implications of many attacks still yet to be seen.
Predictably, IT companies continue to innovate to provide the best in class infrastructure solutions.
Using technology to counter the problem, while necessary, is only one part of the whole solution.
Passing the responsibility to the IT function for a company's defenses is misguided at best; enterprises are now discovering the technology piece is just one piece of the armory.
The fact is that 90% of all breaches are caused by human error** - a massive statistic when you consider that even the most technically robust of networks can be undone by one simple absent-minded click on a phishing email.
Unfortunately the best technical solutions in the world cannot secure IT infrastructure alone. Just as it takes an army to be trained to use the weapons they are given, so it is that a company's people should be trained to defend its systems.
The type of vulnerabilities being exploited by criminals are varied and difficult to address internally without expertise - a natural step is cyber security awareness training.
Many organisations that do implement such programs, often just train the technical staff and thus miss the real source of the problem – the employee at the frontline.
Every computer, every communications device, is an open door and, at the moment, untrained employees are not only opening the door, they are propping it open and inviting them in.
Organisations that understand these attacks and plan long-term, protective measures are the ones that build a real cyber awareness culture.
This should be tackled through a staged approach, as detailed below:
These steps are the foundations for building a strong cyber security culture within an organisation. But, the key is to run them on loop.
Keeping your people up to date and trained makes them your most valuable custodians of your company’s network.
Technical solutions can be massively costly and can often swallow a lot of the budget when it comes to cyber security. However, implementing a program such as this can be cost effective and ultimately invaluable.
The human touch works both ways: it can bring a company down or it can be the best defense.
This article was written by Stephen Burke, CEO and founder of Cyber Risk Aware.
*Risk Based Security - Data Breach QuickView Report 2019 Q3 trends
**Human error to blame for 9 in 10 UK cyber data breaches in 2019