Cyber Security Threats and the ‘Human Firewall’
01 November 2016
The ways in which an organisation can be exposed to cyber threats are rapidly evolving. There has been a 144% increase in successful cyber-attacks in businesses in the past year, and 75% of large organisations suffered staff-related security breaches. 50% of the worst breaches in 2015 were caused by inadvertent human error.
Whilst technology provides organisations with automated safeguards and processes, it is becoming increasingly clear that insufficient attention is paid to the 'people' part of the equation. It is now imperative for business leaders and HR Directors to address and bolster their organisation's first line of defence - the Human Firewall.
There are several factors for an organisation to consider to ensure it has a rigorous defence against cyber threats, from the culture and behaviours of the organisation and its employees regarding cyber security to the management and control of employees’ access to confidential data.
Potential threats could be in the form of a current employee clicking on a malicious link in an otherwise unremarkable and seemingly harmless email, or even a recently fired employee purposely leaking confidential data that they should no longer have access to. Irrespective of the cause of the breach, the resulting sanctions and potential reputational damage can be devastating.
Many organisations have established cyber security training and issued communications, such as posters and emails, advising people, for example, not to share passwords or highlighting the dangers of phishing attacks. But these efforts don’t go far enough. Organisations must embed a culture of cyber vigilance and ensure that they have implemented adequate policies, processes and working practices to best protect themselves against the growing and evolving threat of a cyber attack.
This issue can no longer be viewed as the remit of IT; HR Directors have a leading role to play.
“If organisations are going to combat the incredible resourcefulness and ability of attackers they must understand the risks they face and put into place the necessary processes and policies to respond adequately,”
Charlie McMurdie – Senior Cyber Crime Advisor at PwC and former Head of Law Enforcement National Cyber capability in the Metropolitan Police Central e-Crime Unit
I look forward to sharing more thoughts on The Role of HR in Cyber Security next week, where I will be discussing the issues of managing contractors, HR systems access and data security.