The buck stops at the top

It is usually CEOs and business owners who ultimately carry the can for cyber breaches. And they are also likely to be the decision-makers on committing investment to fight the problem.

“SMEs may be reluctant to spend on security as they might not believe they could be a target. But we are seeing this attitude changing – smaller businesses could lose everything and never recover. For hackers, it’s probably easier to hit 10 smaller businesses who are less secure than focusing on one larger target,” said Smith.

Collective responsibility fighting cyber crime should make it a team effort, commented Remzi: “If the security strategy doesn’t have users at its core then it is unlikely to succeed as, ultimately, security has to enable users to undertake their role effectively with a frictionless security experience.”

Paul Holland, founder and chief executive at Beyond Encryption, agreed: “I believe there is a job to be done changing hearts and minds to understand the issues, encourage the right behaviours within companies and create environments where firms strive to secure their communications.”

How businesses in the region are dealing with insider threats

People are usually the weakest links in cyber security, making the level of threat from insiders a tricky issue. Insiders could account for around 95% of cyber threats, according to Graeme McGowan, consultant, cyber and security risk, at ESA Risk. “Often, it’s an innocent mistake due to human error rather than malicious actors,” he said.

‘Often, it’s an innocent mistake due to human error rather than malicious actors’

Whatever the reasons, employees (rather than their bosses) can find themselves blamed for data breaches. “Employees put more data at risk when working from home. ICO/Arlington reports that 73% of employees involved are either disciplined or even sacked, so the implications for workers are profound,” said Holland.

Groom noted that many insider jobs are preceded by ‘dry runs’ to see how much can be found or stolen. “This is where monitoring comes in. Insiders working from outside the firewall and the organisation’s parameters can be blocked much more easily,” he said.

Dealing with threats posed by insiders may be a sensitive issue, but it is one that companies can’t afford to ignore. “It is vital that they consider human behaviours alongside investment in the appropriate technological tools,” said Emmans.

It can be hard deciding where to draw the line between trusting staff and protecting your business assets. “You have to give employees the freedom to access systems based on trust. Privileged access management is good, so long as the right people are gaining access and have been properly authenticated,” said McGowan. MAY/JUNE 2021


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45