I attended a Digital Leaders webinar last week on “Digital Transformation through Cyber Resilience. Changing Behaviours from the Boardroom to the Frontline”. The seminar was presented by Nick Wilding (AXELOS) and Amar Singh (Cyber Management Alliance).
Whilst the talk was angled towards enabling board-level buy-in (i.e. reasons why the Board needs to pay attention to cyber-security), the speakers presented some very interesting findings. The talk was recorded and put on the Digital Leaders YouTube channel, so I’ve embedded it below. For me, there were two key takeaways:
- 90% of cyber attacks in businesses are carried out via exploitation of human vulnerabilities – this can be anything from an unsuspecting employee clicking on an infected document in an email to someone not patching a security vulnerability.
- Often, cyber security education programmes are a box-ticking exercise rather than an ongoing strategic programme of activities.
Taken together, these two points essentially mean that employees in an organisation are both the cause of cyber-security threats and the solution. If your business implements a strategic approach to training in conjunction with a technical audit and threat assessment, you will be better positioned to mitigate cyber threats within your organisation.