Staff Training 'Not enough to stop most data breaches'

Companies are leaving themselves wide open to cyber-attacks due to a lack of understanding of how to combat staff negligence, with training alone not sufficient to change employee behaviour.

That is according to a new white paper from QinetiQ, which identifies a clear disconnect between employee knowledge and their actions when it comes to cyber security.

The findings seem to back up a recent Ponemon Institute study which suggested that insider negligence is more than twice as likely to cause the compromise of accounts as any other culprits, including external attackers, malicious employees or contractors.

QinetiQ said that businesses should recognise that there is no “silver bullet” for preventing cyber-attacks and suggests that creating a company-wide security culture is the best way to affect employee behaviour.

QinetiQ senior consultant of human performance Simon Bowyer, who is co-author of the report, said: “To educate and influence the behaviour of employees is to restrict the easiest attack route into a business. When employees have a natural inclination towards security by virtue of an integrated company ethos, they are motivated to remain alert to risks and unusual behaviours.

“If firms are to stand a chance against cyber threats firms must design their security strategy taking into account human behaviour and propensity of employees to act in a security conscious fashion. Firms must work towards a vision, where employees recognise the importance of cyber security best practice and how even actions that we all take for granted, like checking a Facebook page at lunchtime, could provide cyber criminals with an avenue into a business.

“Cyber security is no longer the sole responsibility of the IT department. It is the responsibility of everyone. It needs to be closely integrated with the aims of the business and the entire employment lifecycle.”

Staffer arrested by the police on suspicion in the UK

City of London police investigating the suspected insider data breach at accountancy software giant Sage have arrested a 32-year-old woman understood to be an employee of the company in connection with incident.

The arrest was carried out a Heathrow Airport, although it is not known if the suspect was getting on or off a plane. The move comes just days after Sage warned that employee data at nearly 300 UK firms had been accessed using an internal log-in.

The woman was arrested on suspicion of conspiracy to defraud but has since been released on police bail.

DataIQ:

 

« Why Spear-Phishing Hacks Are So Successful
Managing Cyber Risk »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

VIBE Cybersecurity International

VIBE Cybersecurity International

VIBE’s certificate-less authenticated encryption enables scalable, flexible key exchange, and other advanced cryptographic functions using identity-based elliptic curve cryptosystems (ECC).

HackControl

HackControl

HackControl services include penetration tests, security audits, block chain audits and brand and anti-phishing protection.

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

CyFlare

CyFlare

CyFlare’s security platform integrates your tools with ours – delivering true positives, automated remediation, and interactive analytics built for security management teams.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.