Often you will read that cyber security is an IT problem or in some cases an everyone problem, why don’t we change that narrative. Firstly, Cyber security is not a problem, it is a solution allowing organisations to better ensure their business continuity. Taking this approach opens the conversation up, allowing for a more collaborative and methodical approach to handling what is often a complex and confusing topic.
When we think of cyber our mind automatically goes to computers which ultimately leads us down the path to IT, understanding cyber security is realising that it is more than an IT ‘issue’ and realising that the having the whole organisation support strong security practises helps to protect the whole organisation.
The NCSC (National Cyber Security Centre) describe cyber security as “how individuals and organisations reduce the risk of cyber-attack, its core function is to protect devices that we all use, and the services we access both online and at work, from theft or damage. It’s also about preventing unauthorised access to the vast amount of personal information we store on these devices, and online.”
Why should everyone know what strong cyber security is?
According to a study carried out by IBM, 95% of cyber security breaches are the result of human error, we can argue that humans make mistake and often it is not one individual’s fault, however what human error does mean is that it can be avoidable. Taking steps to mitigate the opportunity of a breach rather than fighting the fire once a breach has occurred is always the better path to take.
Today’s dependency on technology to operate businesses has resulted in a growing number of cyber-attacks and often on a larger scale, this has resulted in greater media coverage. Therefore the consequences of a cyber-attack have shifted to include both financial and reputational damage, often financial damages don’t have to be detrimental to an organisation however sometimes they are. Often it is harder for businesses to recover from reputational damage than it is to recover from financial loss.
The pandemic arguably spear-headed our move to greater digital dependency, although we were already on the road to a digital society, we have arrived faster than expected this in turn lends a hand to the increase of attacks, requiring organisations to get a better handle on their cyber security whilst understanding the risks they face.
Cyber security is more than the IT departments responsibility, but what are the next steps to help the whole organisation achieve strong cyber security?
Everyone will have their own drivers and motivation as to why it is important, but the first step is often helping your team to understand importance, why is the business driving for better cyber security, what does this mean and what are the risk. Ensuring that your staff have an awareness of the consequences and risks to poor security helps to build an argument to improve habits.
Every individual or department may have different drivers as to why and how cyber security fits in with their daily activities so creating an overarching level of importance will help to ensure that every department does their bit to keep the organisation secure.
For example your HR departments motivation may come from the training that will need to be provided or the sensitive data that they hold. Your IT departments motivation may come from the fear of downtime that a cyber breach may cause, similarly the finance department need access to your network to ensure employees get paid, this lends a hand to the argument that a cyber-attack affects everyone then everyone should be required to do their bit to ensure security.
Introducing a strong training and awareness programme is integral in ensuring that your organisation not only understand what cyber security is, but their role, responsibility, and actions to help mitigate and identify the growing threats.
Similarly support from the top is important, cyber security is a conversation that carries the most weight when it is a top-down conversation, this is often harder to establish. This is where we argue that cyber security effects more than just your networks and if carried out correctly can lend a hand to ensuring business continuity and growth.
How do you ensure the steps you are taking are working?
Cyber security experts work their whole lives to understand best practice and ensure that it is thoroughly carried out across organisations and the subject matter is continually evolving so how do you stay on top of it?
In an ideal situation organisations will have a dedicated cyber team especially as the threats and as a result consequences continue to grow. However, this introduces additional internal costs as well as internal resources all of which can be outsourced.
The overall responsibility of cyber security sits heavily within an organisation, however having a third party validate and advice on the steps that you are taking, help to ensure that what is being carried out is effective but also provides you with expert advisors that can help to remediate any shortfalls.
It is important to remember that employing a third party does not mean that you are delegating the responsibility, you are delegating the actions to create responsibility across your organisation.
If you would like to find out more about how we could help your organisations to improve your cyber resilience, please contact us today.