Are human beings really the biggest cyber security risk?

IT Governance recently undertook a survey on the subject of cyber security. In the survey (Boardroom Cyber Watch Survey 2013 Report – download for free), the biggest threat to the information and IT systems of the organisations that chose to respond was found to be the organisations’ own employees (54% of respondents).

But why is this the case? Is it that human frailty comes into play here and leaves these organisations vulnerable to cyber attack, or is it due to more subtle causes, such as the culture in these organisations?

There is no definitive answer here, but there are several possible reasons. Some of these reasons are listed below:

  • Criminals infiltrating the organisation to steal IP
  • Lack of staff awareness of cyber security issues
  • State-sponsored cyber terrorism

From my many years of experience of working in organisations both large and small, the key cause I believe is cultural. It is either the lack of knowledge of cyber security issues or the attitude within an organisation not supporting the goal of protecting information and the systems that process it.  

But how do we mitigate these threats to our information and systems? The answers are pretty simple really. Firstly, boosting staff awareness of information and cyber security issues and informing them of the policies and procedures in place to protect the organisation’s information is key. E-learning is an ideal solution to boost staff awareness – Information Security E-Learning Course.

‘An investment in knowledge pays the best interest.’
Benjamin Franklin

Additionally, changing the culture toward cyber security within an organisation is just as important. Cyber security should be seen as an issue that is everyone’s responsibility, not just IT’s. But how to do this? Find out in Cyber Security Culture how you can ingrain a culture that protects an organisation’s information assets.

‘Man’s biological weakness is the condition of human culture.’
Erich Fromm

Finally, physical controls can be put in place to prevent data loss. One such solution could be a data labelling solution such as Boldon James Classifier. By enforcing a document classification system using Classifier, it is possible to prevent information that doesn’t have the correct classification from being sent outside of the organisation.

One final figure: the UK National Audit Office has found that cyber security incidents cost the UK economy between £18-27 billion per year. If you don’t want your organisation to just become another number, take cyber security seriously!