Partner Insight : Why your organisation's human and technology cyber security challenges are inextricably linked

clock • 4 min read
Partner Insight : Why your organisation's human and technology cyber security challenges are inextricably linked

Protection must blend human skill and technology, and cyber strategies for both need to be linked

Technology solves and creates problems, both mitigating and creating risks. It can drive productivity or hinder efficiency, defend attacks or lead to vulnerabilities. There is a human element to these issues, as the actions of those using the technology have an impact. ‘PICNIC' - problem in chair, not in computer - is often used to flippantly summarise this impact; however, it suggests that human and technology challenges are distinct. This is not the case.

Humans make mistakes, we are not flawless. Cybercriminals even exploit this humanity through phishing or social engineering attacks. While investing in effective and regular security training for all employees is vital, there needs to be technology in place to minimise the effects of and possibilities for human oversights. Organisations' human and technology cyber security challenges are inextricably linked. Therefore, the cyber security strategies for both need to be linked.

Computing's latest research in this area, conducted in partnership with Intel, reveals how IT leaders are addressing endpoint hardware and remote manageability in the context of their modern cyber security strategies.

Evolving cyber crime

Cyber-attacks are becoming more frequent and more sophisticated. The nature of attacks has changed in the past few years, increasingly aiming at below-the-OS levels by targeting inherent flaws within hardware, the BIOS, and firmware. GCHQ reported a doubling of ransomware attacks on UK institutions last year, while 65 per cent of survey respondents from Computing's research experienced up to 10 cyber security incidents per week.

Attackers often migrate laterally through networks, seeking out and retrieving backups before they are detected. This gives the attackers maximum leverage, exfiltrating data alongside encryption, to then publish or sell data, further reducing the victim's ability to fight back.

64 per cent of respondents say they expect incidents to continue increasing, yet, the entire cohort rate their confidence in their endpoint security an average of 7 out of 10. This reveals weak endpoint security in a time of progressive cyber-attacks.

Human error

Computing research from the past two years demonstrates organisations are consistently worried about security outside the work network perimeter. A huge concern reported by IT leaders surrounds newly minted remote workers and what that means for cyber security on both a personal and conglomerate level.

According to Computing's latest research in the area, the greatest enterprise security threats are phishing and malware, the former often being the vehicle for the latter. 59 per cent of respondents said phishing was their greatest cyber security challenge, followed by 55 per cent reporting malware or ransomware.

Phishing weaponises our humanity - tapping into our kindnesses, curiosities, concerns, and fears. Remote working has meant isolated workers are far more vulnerable. Ordinarily, colleagues would turn to each other if they received a questionable email with a dubious link. Alone, in the home, the temptation may be to just ‘click it and see'. Being outside a corporate environment also impacts the probability of phishing success as employees have domestic distractions and, generally, a less guarded mindset within their own homes.

Organisations recognise that this cannot be entirely combatted by IT expertise. Seven per cent rated inadequate cyber security as the greatest cybersecurity challenge for their business, with 13 per cent expressing a lack of cyber security expertise in their IT departments. These low numbers demonstrate that expertise is in place, but not being transferred to employees. So, what can be done?

61 per cent of respondents said they conduct security awareness training between one and three times a year. Three per cent admitted their employees had never received such training and 39 per cent said it occurred annually. However, these findings cannot reveal the extent or nature of the training. Do they offer in-person training with a chance to engage with the experts and ask questions? Is it a fixed question assessment with a minimum pass rate? Barely more than a quarter said they were completely happy with employee security training at their organisation, highlighting widespread ‘people' vulnerabilities.

The importance of capable hardware

No organisation can completely rely on their employees to never make security mistakes. Having below-the-OS cybersecurity capabilities for endpoint devices is crucial considering the sophistication, spread, and ruthlessness of attacks. 83 per cent agreed either somewhat or strongly that "the most effective user device security strategies combine software, hardware, and cyber risk training."

Having built-in, hardware-level security on a reliable, stable platform can blend technology and supplementary training to reduce overall risks. Hardware-enhanced security features, including below-the-OS security, such as BIOS protection through to advanced threat detection, can help protect against and prevent cyber-attacks.

To learn more about Computing's latest research into interconnected human and technology impacts on cyber security, read the full report

 

This article is sponsored by Intel

Related Topics

You may also like
Hackers launch brute-force attacks on business VPNs and more

Threats and Risks

Hackers launch brute-force attacks on business VPNs and more

The attacks rely on trial-and-error attempts to crack login credentials

clock 18 April 2024 • 2 min read
Last chance to register for Cybersecurity Festival 2024

Security

Last chance to register for Cybersecurity Festival 2024

Book your free place today

clock 18 April 2024 • 2 min read
Interview: Illumio, Security Excellence Awards finalist

Security

Interview: Illumio, Security Excellence Awards finalist

'We are one team, delivering one platform, on one mission to ensure that organisations can realise a future without any high-profile breaches'

clock 17 April 2024 • 5 min read

More on Security Technology

Qualys announces service to help organisations comply with UK NCSC cyber guidance
Security Technology

Qualys announces service to help organisations comply with UK NCSC cyber guidance

NCSC advises patching window of 5-7 days; UK currently stands at 15-17 days MTTR.

John Leonard
John Leonard
clock 17 April 2024 • 3 min read
Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'
Security Technology

Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'

'It’s an unfortunate reality that developers have not traditionally been big fans of security'

Computing Staff
clock 26 March 2024 • 5 min read
UK's biometrics commissioners steps down, signalling missteps
Security Technology

UK's biometrics commissioners steps down, signalling missteps

Home Office is ignoring new technologies

Muskan Arora
clock 31 January 2024 • 4 min read