Jennifer Fitzpatrick

Cyber Security - Are You The Weakest Link?

As told by Technical Lecturer, Calvin Riskowitz


If one thing became clear in 2015, it was that no organization, regardless of its size or vertical, is safe from a data breach. A breach can happen to any organisation at any time. *Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government and healthcare sectors. 


At the same time, the very words "Cyber Security review" conjure horror, fear and trembling in most IT professionals' minds; the thought that they may have to implement another series of security systems, protocols and processes is truly dreaded. What's more interesting is that when you talk with companies that have suffered a cyber security breach, the majority will admit that the breach was caused by an end user. People like you and me: people who are not malicious, but have tech needs the corporate IT structure cannot meet.

That means the next security breach will be the result of something either you or I did: inadvertently clicking on a link in an email, the website we browsed (or were directed to) at lunchtime, or that attachment we opened. The list is endless, the hackers too numerous to count, and the security controls and guards far too few. Added to all of that, when "The Cloud" started to permeate organisations, many Security Managers, SysAdmins and SysOps practitioners discovered there were new ways of doing things, new ways of securing things - and obviously, new ways around the controls already implemented.

Perhaps it is also time to change the way we approach cyber security. If, as the statistics show, security breaches are mostly caused by end user actions, why not take a different approach? Perhaps we need a new operating paradigm. One example could be regular non-technical seminars highlighting new threats and trends, or an internal website with articles about new and emerging threats. Another idea could be a "Scoreboard" keeping a running score of the total number and type of threats, and other interesting information, that company employees have received, spotted, stopped or blocked. I can visualise the end of year awards already - "The winner of highest number of malicious email attachments NOT opened this year goes to Joan in Accounts".

Human nature is to resist or question the system, so making users part of the solution is only one of the many ways to counteract the increasing attacks on our computer systems. We like to be part of a team; in fact, we're told to be team players. At the end of the day, it's a matter of us, every member of the organisation, versus them, the hackers.


*“ITRC Data Breach Reports – 2015 Year-End Totals” | ITRC
