by Joseph Socolof
Contributing Editor

Not original, but true: ‘you are only as strong as your weakest link.’ For cyber security, that weak link usually manifests itself in the people within your organization. Over 90% of cyber breaches are a result of some form of human error. Malicious individuals prey on human weaknesses and gaps in corporate culture. We have found that most of these flaws can be categorized as the result of gaps in policy compliance or routine adherence. Most organizations have policies; unfortunately, these same organizations often fail to ensure these policies are followed. Failure to comply is typically a gap in either ‘skill’ or ‘will’ – i.e. people are not aware of the policies, they don’t know how to follow the policies, or it is just easier to not follow the policies. A few simple questions can highlight the organizational gaps:

  • Have our employees read and understood our policies? How do we know?
  • If policies change, do we have an effective mechanism for communicating those changes?
  • If a policy were to be bypassed, or not complied with, would we even know?
  • When there are failures in compliance, do we understand the ‘why’?

While some of the burden sits on ensuring that good policies are in place, the fact remains that even if your organization has the best policies for addressing security, simple human behavior may render them useless. Closing this gap requires organizations to have the necessary ‘wiring’ – the systems and processes that make an organization transparent and easy to manage – in place.

Simply put, organizations need to be Wired for Cyber Security. The simple fact is, the demands on an organization for cyber security are constantly changing. For example, IoT, operational technologies, 5G and AI are causing a sea change in what is required for an organization to be secure. Routines, trainings and policies set up one day may be obsolete within a month or a week. Security isn’t a ‘set it and forget it’ kind of fix – a truly secure organization needs a security mindset embedded across all layers of an organization. Cyber security needs to be wired into every aspect of an organization to ensure the right decisions and behaviors are happening.

Over the next few months, we will be releasing a series of blogs addressing some of the more common flaws in ‘wiring’ and the steps we believe organizations should be taking to be resilient.

