Cybersecurity Series: Training
Organisations of all sizes and from all sectors have something in common when it comes to making decisions about cybersecurity: historically it is so embedded in an organisation’s IT function, that it is difficult to get buy-in for security measures that aren’t in the form of software or network devices. They forget that the system they are attempting to secure is not simply a technical system, it is a socio-technical system facilitating activities carried out by people.
The majority of reported incidents contain an element of human error. An unsuspecting user clicks on a link accidentally, connects an already-infected device into the network, or discloses information to a person or website that they are unable to distinguish from the “real thing”.
Technical security measures are effective, the more we add the more and higher the digital walls around our company’s assets become. The problem is that we grant our employees the keys to doors our walls, the ability to invite other people through those doors and the right to judge which people can follow them in.
And people make mistakes.
Decision makers like cybersecurity options presented with an indication of how much risk they will reduce and software vendors are getting better at providing that type of information. Human actions are far harder to measure, helping to perpetuate the preference for technical cybersecurity measures.
However, cyber security training gives us the opportunity to reduce a vulnerability that contributes to 100% of cybersecurity incidents, by helping us make the best decisions for our companies, reducing the number of mistakes, and helping us react more successfully if a breach does occur.
CLICK HERE: With that in mind, the following download provides an overview of some of the types of cybersecurity available to the non-expert.
ABOUT OUR CYBERSECURITY SERIES
Clayden Law has teamed up with technical expert, Emma Osborn. and over the next few months we will provide some back-to-basics analysis of the technical, legal and data protection issues surrounding cybersecurity, aimed at organisations’ non-technical decision-makers. Together, we’ll be highlighting key cybersecurity and data privacy fundamentals and looking at the interplay between law and practice in this area. For more information, click here.