Cyber Security – It’s a Team Effort
Throughout 2022 there has been much noise around the increase in cyber security threats and the impacts this has had on businesses. Often, much of the discussion centres on the tactics used, or on the systems and processes in place (or the lack of them). While these efforts are notable in their sophistication, that focus misses the bigger picture: the people involved. It is people who were ultimately responsible for the attack, people who made the mistakes which let the bad guys in, and people who will be affected in the fall-out.
Cyber security is simply a team effort. We must therefore ensure we have the right blend of players on the team. We must train hard. And we must think more strategically to outplay our opponents.
A People Thing
Although around since the 1960s, the idea of “people, process and technology” was popularised in cyber security circles around two decades ago. The challenge is that organisations often focus on updating their processes and investing in new technology without implementing people-focused aspects of cyber-risk management.
Yet people are behind both the problem and the solution. You can have the most advanced email security system in the world. But if a phishing message slips through the net, it takes just one untrained user to click through and the organisation could be exposed to crippling ransomware or large-scale data theft.
Especially during a time of mass remote working, people can be a weakness in the cyber security chain. According to a study by IBM, 95% of cyber security breaches result from human error. But people can also offer our best chance of success if we play the right game.
Building Your Team
The most important element of building your IT team is to have someone in charge to bring all the disparate parts together and ensure they’re working in harmony and towards the business objectives. Ideally it would be a CIO or a vCIO, but most importantly they must have a full understanding of what’s happening across the whole team. Just as a football manager must have a good relationship with the club chairman and CEO to secure funds for new players, CIOs or their equivalent must be able to articulate security challenges in a way the board understands to win budget for staffing and technology investments.
Finally, the whole team needs to train if it wants to be match fit. It should have an incident response plan that is regularly practised. And it should work through scenario planning in general to understand who does what when the whistle blows and they’re facing an attack.
The Bigger Picture
However, there is a much larger team at play here—every single employee in the organisation. If trained and managed properly in best-practice secure data handling and phishing awareness, they could provide a fantastic first line of defence which the opposing team may find tough to break down. There are many ways of doing this; one is to deliver some standard cyber awareness training for staff. At Evolve, we believe this education is successfully managed through initial cyber awareness training supported by ongoing, drip-fed, relevant information from the IT team about potential threats, ongoing issues etc.
Don’t Let the Side Down
While it’s relatively easy to check the progress of your team in football (goals scored and conceded, matches won, lost and drawn), things aren’t quite that straightforward when it comes to cyber security. It will require you to continuously track KPIs like intrusion attempts, days-to-patch and phishing click-throughs. Exactly which ones will depend on your business and risk appetite, although doing so effectively requires excellent visibility into core IT systems.
What’s The Cost of a Poorly Managed Team?
What is unarguable is the cost of not doing so. According to IBM, the average cost associated with a UK data breach in 2020 was $3.9 million (£2.9m), although this can increase significantly depending on circumstances. For health and care organisations, for example, the cost is more than double that. The bottom line is the longer attackers are allowed to dwell inside your network—finding and exfiltrating data and/or deploying ransomware—the more expensive the clean-up operation and the bigger the impact on corporate reputation.
Cyber security teams face an agile, determined and increasingly well-resourced opponent today. They need to have a plan and execute it well. They need to practise and train hard. And they need to understand their opponents inside-out. The good news is there’s plenty of time left on the clock. And there are experts you can call upon to help build a match-winning strategy.
Evolve Computers are experts at Cyber Security. From building out a robust IT strategy (through our vCIO services) to delivering on the IT tactical plan to ensure your business becomes and remains secure, it is what we do, every day. It’s our passion to see you continue to run and operate the business you have with ease.