Staff Training 'Not enough to stop most data breaches'

Uploaded on 2016-09-26 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

Companies are leaving themselves wide open to cyber-attacks due to a lack of understanding of how to combat staff negligence, with training alone not sufficient to change employee behaviour.

That is according to a new white paper from QinetiQ, which identifies a clear disconnect between employee knowledge and their actions when it comes to cyber security.

The findings seem to back up a recent Ponemon Institute study which suggested that insider negligence is more than twice as likely to cause the compromise of accounts as any other culprits, including external attackers, malicious employees or contractors.

QinetiQ said that businesses should recognise that there is no “silver bullet” for preventing cyber-attacks and suggests that creating a company-wide security culture is the best way to affect employee behaviour.

QinetiQ senior consultant of human performance Simon Bowyer, who is co-author of the report, said: “To educate and influence the behaviour of employees is to restrict the easiest attack route into a business. When employees have a natural inclination towards security by virtue of an integrated company ethos, they are motivated to remain alert to risks and unusual behaviours.

“If firms are to stand a chance against cyber threats firms must design their security strategy taking into account human behaviour and propensity of employees to act in a security conscious fashion. Firms must work towards a vision, where employees recognise the importance of cyber security best practice and how even actions that we all take for granted, like checking a Facebook page at lunchtime, could provide cyber criminals with an avenue into a business.

“Cyber security is no longer the sole responsibility of the IT department. It is the responsibility of everyone. It needs to be closely integrated with the aims of the business and the entire employment lifecycle.”

Staffer arrested by the police on suspicion in the UK

City of London police investigating the suspected insider data breach at accountancy software giant Sage have arrested a 32-year-old woman understood to be an employee of the company in connection with incident.

The arrest was carried out a Heathrow Airport, although it is not known if the suspect was getting on or off a plane. The move comes just days after Sage warned that employee data at nearly 300 UK firms had been accessed using an internal log-in.

The woman was arrested on suspicion of conspiracy to defraud but has since been released on police bail.

DataIQ:

 

« Why Spear-Phishing Hacks Are So Successful
Managing Cyber Risk »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

MetaFlows

MetaFlows

MetaFlows’ SaaS malware detection & prevention software passively analyzes the behavior and the content of Internet traffic.

SafeCharge

SafeCharge

SafeCharge is a global provider of technology-based multi-channel payments services and risk management solutions for demanding businesses.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Salus Cyber

Salus Cyber

Salus is a provider of world-class cyber security services, enabling our clients to identify and manage their cyber risks proactively and effectively.

Mediatech

Mediatech

Mediatech, specialized in managed Cybersecurity and Cloud services, a single point of contact for your company's IT and infrastructure.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.

SCS Technology Solutions

SCS Technology Solutions

SCS Technology Solutions has become the preferred partner for top performing organisations across Lincolnshire for IT support and consultancy.

Texaport

Texaport

Texaport's vision is to be the trusted partner of choice for organisations seeking comprehensive IT management and cutting-edge security solutions.

Rebellion Defense

Rebellion Defense

Rebellion Defense is a technology company developing advanced software to ensure mission-critical organizations stay ahead of emerging threats.

Adili Group

Adili Group

Adili Group is a leading pan-African corporate advisory firm. We deliver tailored solutions in regulation and compliance, risk management, and improving business efficiency.