Staff Training 'Not enough to stop most data breaches'

Uploaded on 2016-09-26 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

Companies are leaving themselves wide open to cyber-attacks due to a lack of understanding of how to combat staff negligence, with training alone not sufficient to change employee behaviour.

That is according to a new white paper from QinetiQ, which identifies a clear disconnect between employee knowledge and their actions when it comes to cyber security.

The findings seem to back up a recent Ponemon Institute study which suggested that insider negligence is more than twice as likely to cause the compromise of accounts as any other culprits, including external attackers, malicious employees or contractors.

QinetiQ said that businesses should recognise that there is no “silver bullet” for preventing cyber-attacks and suggests that creating a company-wide security culture is the best way to affect employee behaviour.

QinetiQ senior consultant of human performance Simon Bowyer, who is co-author of the report, said: “To educate and influence the behaviour of employees is to restrict the easiest attack route into a business. When employees have a natural inclination towards security by virtue of an integrated company ethos, they are motivated to remain alert to risks and unusual behaviours.

“If firms are to stand a chance against cyber threats firms must design their security strategy taking into account human behaviour and propensity of employees to act in a security conscious fashion. Firms must work towards a vision, where employees recognise the importance of cyber security best practice and how even actions that we all take for granted, like checking a Facebook page at lunchtime, could provide cyber criminals with an avenue into a business.

“Cyber security is no longer the sole responsibility of the IT department. It is the responsibility of everyone. It needs to be closely integrated with the aims of the business and the entire employment lifecycle.”

Staffer arrested by the police on suspicion in the UK

City of London police investigating the suspected insider data breach at accountancy software giant Sage have arrested a 32-year-old woman understood to be an employee of the company in connection with incident.

The arrest was carried out a Heathrow Airport, although it is not known if the suspect was getting on or off a plane. The move comes just days after Sage warned that employee data at nearly 300 UK firms had been accessed using an internal log-in.

The woman was arrested on suspicion of conspiracy to defraud but has since been released on police bail.

DataIQ:

 

« Why Spear-Phishing Hacks Are So Successful
Managing Cyber Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Packet Storm

Packet Storm

Packet Storm is an online resource for security tools, whitepapers, exploits, and advisories on computer security issues.

Happiest Minds Technologies

Happiest Minds Technologies

Happiest Minds offers domain centric solutions in IT Services, Product Engineering, Infrastructure Management and Security.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

Secjur

Secjur

Secjur is a provider of AI-based compliance tools that aim to put compliance, data protection, information security and whistleblowing on autopilot.

Millennium Corporation

Millennium Corporation

For nearly two decades, Millennium Corporation has been operating on the leading edge of cybersecurity.

Innov8tif

Innov8tif

Innov8tif is an AI company specialised in providing ID assurance solutions — helping digital businesses to prevent frauds by verifying and authenticating customers identity.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.