The People Problem in Cyber Security
The People Problem in Cyber Security
The majority of security breaches are “not due to the failure of the technology implemented, but the decisions and behaviour of the people that use them.” This is the main message driven home by Kelvin Papp, Head of Technology, Transparity, at the Microsoft Future Decoded Expo in October.
The root cause of security breaches can almost always be narrowed down to the fact that users generally don’t behave in a very security-focused manner. And that’s understandable - when it comes to using technology and the internet, the behaviour of a general user versus the behaviour of a trained IT professional is vastly different. On top of this, the ‘people problem’ is exasperated in the cloud, as it is increasingly difficult to control.
“Security breaches are not due to the failure of the technology implemented”
The Software Advisory Service team attended the Microsoft Future Decoded Expo at the start of October, and one of the insight sessions was led by Kelvin Papp, Head of Technology at Transparity. Papp led the audience into an exploration of what the People Problem is, and how businesses can address it whilst still balancing productivity.
What is the People Problem?
Have you heard of something called Alert Fatigue? Alert Fatigue is when a person is repeatedly faced with an alert or an alarm (such as a recurring fire drill or a pop up notification requesting an update), becomes desensitised and no longer reacts to it. That’s the epitome of the people problem. Phishing is another great example of the people problem - phishing attacks are targeted specifically to play on human error. A researcher at Erlangen-Nuremberg University discovered that, although they claim to be aware of the risks, 78% of people still click on unknown links in emails. But the biggest, often unsuspected danger - passwords. Passwords are set up by the users themselves, usually quite quickly and thoughtlessly. From outright guessing, to observing a user’s patterns, passwords are almost always hackable - so unfortunately, but also logically, a huge amount of security attacks happen on passwords.
Education, education, education
Of course, fighting threats is impossible without the right tools. Yet, when it comes to truly minimising the effects of the People Problem in Cyber Security, education is key. Employees should be given the right tools to succeed, in the form of the right technology as well as the right training. The continuous evolution of information and technology dictates that the only way to keep up is to stay ahead. As the landscape evolves, so do the threats associated with it. It’s terrifying to think, but at the end of the day, cyber crime is a business; a business facilitated by experts. You wouldn’t put a dentist up against a lawyer in a courtroom, would you? Employees need to be trained in the arena they’re playing in, and in this day and age, every employee, regardless of department or position, utlises some sort of technology. If an employee isn’t trained to recognise or suspect a potential threat, they can’t be expected to avoid, report or remove it. As the first line of defense, employees need to be armoured accordingly.
Cyber Security as a Business Culture
We’ve clarified that businesses often invest heavily into their cyber security technology but don’t always recognise or invest sufficiently into their employees’ training - which boils back down to the people problem. Cyber security should be a culture within the business context. If a culture is the personality of a company, a cyber security culture is the skin and bones keeping it all together.
A business with cyber security as a culture is made up of employees that are aware, reactive and informed.
Safe, not restricted
It’s important for users, especially those with who are learning-on-the-go and don't have a background in cyber security, to be safe, but not restricted. Solutions such as Microsoft 365, used in conjunction with regular training, perhaps even outsourced by solution providers, allow employees to go about their normal job whilst functioning in a safe, secure space and manner, without being rigidly controlled.
Ready to rethink your Cyber Security strategy?
Fill out the form, and let one of our software experts find the best cyber security solutions for you.
Six Questions with SAS: Ani Alexander
Ani Alexander Talk-o-nomics Host, Blockchain Marketer, International Speaker, Startup Mentor,...
Six Questions with SAS: Erica Stanford
Erica Stanford Founder of the Crypto Curry Club Founder of CCC Events- Tech for Sustainabil...
Six Questions with SAS: Bill Buchanan
Prof Bill Buchanan OBE, PhD, FBCS Professor of Cryptography at Edinburgh Napier University.
Six Questions with SAS:Bridget Greenwood
Bridget Greenwood, Founder at the Bigger Pie.
Six Questions with SAS: Mia Baker
Mia Baker, B2B Product Lead at Prenetics International, answers Six Questions with SAS. -Wi...
A Conversational Future
One of the most significant modern trends to take the world of technology, and subsequently th...
ERP Review: The Pros and Cons of Odoo
Odoo ERP has grown a significant following around the world. But will it be the right ERP syst...
The Best Secure VPNs (with Free Trials)
Are you looking for the best secure VPN on the market? Our security experts have gathered up a...