Organisations must not forget about the human element of cyber security, working with HR teams and staff to deter insider threats, according to a panel of experts at the Information Security Europe conference.
Jenny Radcliffe, the founder and director of Human Factor Security, commented: “I’m always sceptical of people and businesses who focus only on the technology side, keeping the human side separate – attackers don’t see it that way, people are often the best targets.
“That approach does the industry a disservice,” she continued, pointing out that every employee has a price or pressure point.
Research just last week revealed that nearly half (45 per cent) of office workers would be willing to sell their firm’s corporate information, according to cyber security startup Deep Secure, which found that a quarter of employees would accept £1,000 as the price for giving away company information to outsiders, whilst five per cent would offer it for free.
Sian John, Microsoft’s EMEA chief security advisor, explained that such attackers are very rarely malicious to begin with, but something changes while they are at work.
“Conventional hacker tools are less useful for detecting these kind of threats – the people will already have access and may know where to find the secrets – so it has to be a combination of HR and cyber security approaches,” she stated.
“You must first understand what normal looks like, in order to spot anomalies,” John added, noting that machine learning can be helpful to work this out.
Radcliffe said that with ‘spearfishing’ attacks, hackers can manipulate staff into working against their company, so it’s important to teach people how to deal with such intrusions.
“You can’t just throw money at these things, it’s a long and sometimes difficult process, but you have to be truthful with employees about the consequences,” she stated, adding that it’s hard to find the balance between being honest and scaring staff.
Keyun Ruan, an EMEA security specialist at Google Cloud, agreed that security risks are increasingly shifting from corporate network attacks to those focused on individual identities.
“Cyber insurance policies are improving, alongside better response procedures and media training, but the biggest challenge today is that companies don’t know where there data is stored or how to access it - there’s still a lot of work to be done on internal data control management.”
Latest News
-
BigTech failing to protect millions from new ‘convincing AI scams’, warns Which?
-
Ben's Soft Pretzels boosts automation across 185 locations with new restaurant platform
-
Nvidia to send 260,000 AI chips to South Korea
-
Cyber criminals increasing monitoring of UK businesses, warns BT
-
Virgin Media O2 to launch satellite-backed mobile coverage with Starlink in 2026
-
Vodafone agrees to buy German cloud specialist Skaylink for €175m
The future-ready CFO: Driving strategic growth and innovation
This National Technology News webinar sponsored by Sage will explore how CFOs can leverage their unique blend of financial acumen, technological savvy, and strategic mindset to foster cross-functional collaboration and shape overall company direction. Attendees will gain insights into breaking down operational silos, aligning goals across departments like IT, operations, HR, and marketing, and utilising technology to enable real-time data sharing and visibility.
The corporate roadmap to payment excellence: Keeping pace with emerging trends to maximise growth opportunities
In today's rapidly evolving finance and accounting landscape, one of the biggest challenges organisations face is attracting and retaining top talent. As automation and AI revolutionise the profession, finance teams require new skillsets centred on analysis, collaboration, and strategic thinking to drive sustainable competitive advantage.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories