The people problem in cyber security
The biggest danger to your organisation is the people working in it. You probably know that already. You probably tell your clients that, although you possibly don’t put it as starkly as that. But it’s not a surprise to anybody, as evidenced by the recent TechBeat survey for DataSolutions which found 60% of senior IT decision makers considered “human error to be the greatest cyber threat facing Irish businesses”.
That’s a pretty scary statistic although some might argue it’s not quite as frightening as it should be and that, possibly, some companies place greater faith in their employees than they should.
On the face of it, it’s also quite concerning that 63% of respondents believe “their organisations are not equipped to deal with all emerging threats”. But then, when you think about it, maybe that’s not so worrying because, by their nature, “emerging threats” are not necessarily things you expect to be able to deal with immediately. It’s really only once they’ve “emerged” a little further and proven to be threats that you need to be able to deal with them.
“Employee training costs money. Employees cost money too. Surely, if you believe that employees are the biggest security threat to an organisation then, taking that belief to its logical (Swiftian) conclusion, the best way to reduce the danger of human error is to reduce the number of humans. And the more you reduce them, the better”
Anyway, when it comes to countering human error, David Keating, security specialist at DataSolutions, argues that spending more time on training “could help equip companies for the biggest perceived security threats. From carelessness and error to phishing attacks, most of the leading security threats are heavily influenced by people and so employee cybersecurity training is a no-brainer for business leaders who are serious about cyber protection”.
And you can’t really argue with that. Or can you?
Well, employee training costs money. Employees cost money too. Surely, if you believe that employees are the biggest security threat to an organisation then, taking that belief to its logical (Swiftian) conclusion, the best way to reduce the danger of human error is to reduce the number of humans. And the more you reduce them, the better. In fact, the best outcome from a security perspective in terms of eliminating human error would be to remove humans from the equation altogether.
You could argue that humans are proving ill-equipped to deal with the evolution of cybersecurity threats because they are failing to keep up with the pace of evolution of those threats. If you removed them from the equation, you would also make many forms of cybersecurity threat extinct.
Logic isn’t everything, however, because getting rid of all the workers would probably force your company into extinction – even if it was better protected against cyber threats.