Tech Tips
Cyber security demystified
Marion Stewart, Chief Executive Officer, Red Helix, demystifies the language and the concepts used in cyber security.
Businesses across the UK have undergone significant digitalisation in recent years, fuelled by the rise in remote working and the efficiencies gained through advances in modern technology. According to Gartner, 91% of businesses are engaged in some form of digital initiative and 87% of senior business leaders say digitalisation is a priority.

Digital transformation is undoubtedly bringing advantages to enterprises and stakeholders, but it is not without risk. As the monetisation of cyber-crime continues to grow, cyber criminals are finding new and more sophisticated ways to exploit vulnerabilities and launch targeted attacks. As the digital landscape expands, so does the threat surface.

For many, cyber security can be a complex and technical field, often only fully understood by those individuals with a background in IT or security. Yet understanding the basics of cyber security has become crucial for all employees working in a digital environment, since they are on the front line and the most likely to be exposed to common attacks that exploit lack of knowledge to extort information or cause harm to the company. Therefore, it is essential for organisations to ensure that their employees receive adequate training so that they recognise and respond appropriately to such threats.
How to ensure employees are equipped to spot threats

The first and most vital layer of defence in any organisation is its people. Often referred to as ‘the human firewall’, the effectiveness of this layer can vary, depending on the quality of training and the level of awareness among team members. Therefore, creating a company-wide culture focused on risk awareness is essential – with employees knowing not only the protocols in place but also the reasons behind them. By doing so, organisations can reinforce their cyber hygiene and reduce the risk of cyber-attacks affecting their business.

It is important for businesses to understand that strengthening the human firewall is an ongoing process that requires regular training and assessment, alongside a systematic program that identifies and fills any gaps within employees’ knowledge. Additionally, this training should break the information down into real-world scenarios and plain English explanations that are easy to understand, over and above technical jargon. As a result, training will become more consumable for all and will have a greater impact, especially if the information is presented in context with real-life examples. Most employees won’t need to know the technology behind a cyber-attack, but they should understand how to identify one and what action should be taken if a breach does occur.

To further ensure that staff cyber hygiene is up to scratch, regular assessments should be conducted to identify if there are any knowledge gaps or particular areas of vulnerability, such as the ability to recognise phishing attacks. Future sessions can then be tailored to focus on strengthening these areas of weakness in particular, ensuring employees are better equipped to spot such attacks in the future.
Translating cyber for board members

For most members of staff, awareness is key. For board members, however, there is an additional challenge as they are the ones with overall responsibility for the business; they need to understand the types of different cyber risks facing their business, the investment that needs to be made to mitigate them and the impact security will have on protecting their organisation. They also need to know what ‘good enough’ is for their company with regard to the risks they face. Covering the cyber hygiene related to the business risk versus potential large investments to cover every eventuality is something that boards need to consider as they think about protecting the business.

While cyber security is becoming more of a priority for businesses, without understanding the varying levels of protection offered by different solutions it can risk becoming a simple tick-box exercise, rather than a crucial part of a business continuity plan. To avoid this, the focus when presenting cyber security to the C-suite should be on the security posture, rather than the technical aspects of the solutions – highlighting how they reduce risk, their alignment with business objectives and the return on investment they can provide.

Although the terminology used to describe cyber security might be familiar for some board members, to resonate with the majority the focus should be on translating complex technical terms and jargon into understandable business language, helping to ensure that the whole board understands this, as well as why they need to. In doing this, executives will have the means to make more informed decisions on resource allocation and risk management, as well as gaining a more comprehensive understanding of the increasingly important role cyber security plays in business development. Also, importantly, it will help boards making investment decisions to ensure these are targeted in the right areas for their business.
January/February 2024 | 13