Replying to emails on-the-go, BYOD strategies and remote working can make it harder than ever for organisations to keep tabs on their employees' network activity. Cybercriminals are becoming smarter and more manipulative: they aim to bypass your IT team and deliberately target those 'unaware' employees who are the 'weak link' in your security strategy. While your business may have the best technology defences, cybercriminals know that your people may be less well defended.
The importance of people
How do you make the most risk-averse decisions for your technology investments when your day-to-day duties mean your knowledge, time and resources are over-stretched?
Each year meticulously analyse the cyber industry and their detailed “Cyber Security Landscape” graphic below is a perfect example of why SMBs can feel overwhelmed when it comes to making technology decisions for their business.
Clouds are those blurred masses of condensed watery vapor floating in the sky whose gloomy nature often leads to questions about their true physical state. Are they really tangible? Could we touch what we look up to? And above all, is there a difference between what we imagine seeing and what they truly are?
In anything but name, data is today’s most used currency.
In the current business paradigm, structured by big tech firms over a decade ago and replicated since by a number of online platforms, individuals willingly provide their personal information in exchange for a service. Personal data is subsequently repackaged – anonymised or not – and sold to advertisers and marketers.
The “When-Not-If” paradigm around cyber-attacks is completely changing the deal around cybersecurity.
Many large organisations now assume that breaches are simply inevitable, due to the inherent complexity of their business models and the multiplication of attack surfaces and attack vectors which comes with it.
Many CISOs complain of communication problems with their business. They are not being listened to. They are not getting the budget they think they should get. They feel their business prioritises against security too often.
It has been a recurring theme amongst information security professionals for the best part of the last 15 years, and it is rooted in a wide range of factors, amongst which the profile of the CISO is often a dominant limitation.
Cybersecurity has risen as a key issue on the radar of virtually all organisations. As a recent AT Kearney report suggests, cyber-attacks have been topping executives’ lists of business risks for three straight years. In fact, the overwhelming majority of organisations have experienced some form of cyber-attack at some point over the past few years.
The same title often hides a large diversity of roles, positioned differently across their respective organisations. It often reflects the maturity of each firm towards the appreciation of the threats it faces, the need for business protection, and its appetite for controls.
For large groups, in particular where business units or geographies manage their own bottom line and have a significant degree of autonomy in real terms, it can result in a large population of security practitioners across the group with very diverse approaches, objectives and priorities.