81 per cent of large organisations that were hacked in the last year stated that the actions of their staff aided the attacker. In its latest whitepaper (Protecting your organisation from itself; The threat from within and how to mitigate it), QinetiQ draws on the Department of Business, Innovation and Skills survey, which stated that “People are the main vulnerabilities to a secure enterprise. Respondents believe that inadvertent human error, lack of staff awareness and weaknesses in vetting individuals were all contributing factors in causing the single worst breach that organisations suffered”. The failure of companies to recognise the insider threat in cyber attacks and security issues is being increasingly highlighted.
The whitepaper states that the need for cyber security is understood, but that there is a major gap between knowledge and action. It goes on to highlight another survey conducted by the Department for Culture Security Breaches: despite over half of those surveyed stating they sought guidance on cyber security, only 29% of businesses polled had formal cyber security policies in place or had cyber security risks documented in continuity plans.
The paper outlines that it is crucial to assess the security culture within your organisation, including how behaviour is similar or different across the organisation.
“Training can be crucial here to instil the reasoning behind such processes, but equally, the tenets for a good security policy can be applied to work security systems; they aren’t easy to understand or implement, they may well fail”. With this in mind, engaging employees in the process of assessing and implementing process and policy may also help to develop a better culture, one that recognises the risks and understands how to ensure best practice in keeping information safe.
Have you had experience of a cyber security attack in your organisation? What do you think organisations could be doing better?