Cut the cyber security risks by doing the basics

Anyone claiming that their cybersecurity product will make you immune to cyber threats isn’t telling the truth.

Hackers and cybercriminals are constantly playing a game of cat and mouse with security experts, and so the threats are constantly evolving.

There is no silver bullet for the issues organisations and individuals face on a daily basis, but that doesn’t mean that we are powerless. Unfortunately, many people do feel helpless after years of parts of the security industry presenting cybersecurity as a mysterious dark art.

The cybersecurity sector is full of ‘magic’ tech and underdeveloped projects. Little effort is spent on making the fundamentals easier to achieve.

This feeling of helplessness has led many people to believe that cybersecurity isn’t their problem, that it’s someone else’s responsibility. Security professionals can certainly do a lot, but if people aren’t willing to protect themselves, then it’s inevitable that they will become victims.

Rather than continue the narrative that cyber is something to be feared, the sector needs to empower and educate people so that they can take control of their own online security. The British government has taken steps in the right direction with the introduction of the Cyber Essentials scheme, but businesses and organisations still have much to do.

Cybersecurity is often wrongly classed as a purely technical discipline. Whilst this holds true for many of the deep-dive technical aspects, when an incident occurs it will likely impact the entire organisation. From the IT department to the PR and comms teams, all areas will be affected. It is important that these key members of staff, who are sometimes thought of as polar opposites, speak the same language and can understand each other in times of crisis.

Getting the basics right

“Organisations tend to be well versed in carrying out fire tests and drills – we’ve all become accustomed to this. However, the same can’t be said for cybersecurity practices. Organisations do not test and drill the organisational mechanics enough to ensure, when the inevitable happens, staff who are required to respond and act are supple enough in their approach to dealing with incidents.

“Getting the basics of cybersecurity right and implemented properly can go a long way to protecting an organisation. There is no point putting the bolt on the front door if you leave a side door open all the time. Implementing the 10 steps, for example, and ensuring a robust awareness campaign that really drives the message home to staff is a sure way of improving the overall security posture and practices of any organisation,” said Sachin Bhatt, Head of Incident Management at XQ Cyber.

Raising awareness of the security basics within an organisation reduces the risk. As most cyber incidents begin through phishing emails, imagine if employees are trained and aware of what they look like. Instead of opening them and potentially compromising the organisation, they’ll delete them; voilà, the threat has been eliminated.

The implementation of basic cybersecurity practices isn’t just down to the IT department but needs to be enforced at all levels of an organisation, from the very top to the very bottom.

Most cybercriminals are opportunistic creatures seeking an easy score. Of course, there are those who are more persistent and capable, but if you make yourself an easy target then it’s pretty much a certainty that you will become another statistic.

As XQ Cyber’s Head of Technical Consulting, Andy Rees, says: “In most cases, the attack is unlikely to be specifically targeted against you; you will just be one of a million emails on a list the attacker has bought or stolen. Basic protections will keep you safely near the centre of the herd as opposed to being picked off by the hyenas plaguing the perimeter. That’s not to say that there aren’t professional and organised criminal gangs out there, but again, as with the offline world, they too prey on easier to hit or extremely high-value targets.”

Making people cyber aware and secure is a challenge. After all, it’s easy to drive the fear, but it's not so easy to demystify and empower.

*First published in SC Magazine
