Human training: just a pretty bow on the box?

Human training: just a pretty bow on the box?

human, training, cyber, security, GDPR, TEISS2018

At #teissLondon2018 Vijay Rathour, Partner with the Digital and Forensic Technologies Group at Grant Thornton, will be making his case for why training is a waste of money.

Yes, that’s right.

In a controversial head to head, Rathour will question why anyone is prepared to rest the entirety of their cyber security on the shoulders of the least trained person in the workplace.

Rathour alludes to the recent Hawaii ballistic missile incident and states, “We have to respect that human users are the ultimate beneficiaries of all of the technology we’ve got, so we need to account for the fact that they are potentially a risk factor in this ecosystem. Of course we need to train them but fundamentally why is there not a systemic security safeguard that prevented that from happening?”

Human training: just a pretty bow on the box

“Human training is essential but there must be systemic safeguards behind that to prevent that ballistic warning going out unchecked,” he adds.

Rathour thinks it’s easy to blame the humans. “From my perception if you’re going to have multi-million dollar fines and a fallout as a result of customer confidence, surely it’s in your interest to have appropriate technical safeguards to prevent the risk of a cyber-attack, data breach and data loss. So your human training is frankly just a pretty bow on the box. You’ve got to have all that infrastructural security around that.”

Studies show, according to Rathour, that online security awareness training given to staff only improves day-to-day online hygiene by 2%. If so, is that really the best place to spend your money?

Investing in cyber security: what businesses should consider

“Understand your risk factors, what type of business you are in and the severity of the risks to you subjectively. Then you can distribute your money proportionately to address the risks that may face you as a business,” advises Rathour.

He adds: “From the perspective of the ICO (Information Commissioner’s Office), regulators, or customers – when this is all splashed over Twitter – if you can say we invested in the best security we could afford proportionately, nobody can deny that you’ve done what was appropriate.”

Spend what is proportionate for your particular risks

Rathour says: “Something is better than nothing at all. In light of the GDPR fines, if you spend nothing there will be egregious pain from the ICO, but if you’ve spent something – you’ve demonstrated you’re on a journey. Of course attacks can still happen, but if you prevent 90% of your attacks – you’re getting fairly good bang for buck.”

  • Understand what your risks are – specifically in your business
  • Spend proportionately
  • Understand that perfect security is nigh impossible to achieve

 

 

 

 

 

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]