Cyber security: What’s the biggest issue faced by organisations today?
We are living in a world that is increasingly connected. From eCommerce and cloud-based solutions, today’s solutions are designed to deliver better collaboration, enhance customer engagement, and deliver digital insights for better decision making.
Listen to the Blue Door Podcast, episode 14: ‘Cyber security: protection at what cost?’
However, an increasingly connected world means a need for increased security. When we talk about cyber security we’re talking about mitigating threats that look to steal, compromise, embarrass or hold to ransom an organisation’s information. At Blue Door Expo held in October 2020, we asked an expert panel what they saw as the biggest security issues faced by organisations today.
The shift to remote working
Patricia Nicola, Head of Venture Development and Partnerships at Telefónica’s start-up accelerator, Wayra, believes that the shift to remote working has created a new set of cyber security challenges. Hackers have targeted tools that are used for remote work, and exploited the sense of urgency that the pandemic has created with Covid-themed phishing emails. Wayra has seen some very competent, authentic-looking phishing emails throughout 2020, and Patricia Nicola expects them to continue for some time to come.
The human element
Phil Donnelly, a Detective Chief Inspector at Derbyshire Police, sees the biggest threat to cyber security as ourselves:
“I suppose the biggest issue is education and that human element, because you can build the biggest and most secure network in the world, but we still have to be able to interact with it.”
Phil fears that we ourselves become the weak link, largely because the way that criminals are exploiting social engineering and phishing are become ever more sophisticated, making it increasingly easy for people to fall from them. The solution requires a cultural shift for organisations, recognising that mistakes are common, and encouraging people to acknowledge and report their mistakes without blame.
At O2, for example, we run a regular phishing simulation awareness programme, which simulates an attack on one of our business units. We know how easy it can be to fall prey to an attack, because a percentage of users click on the links embedded in the simulation. By simulating this activity, we can see what education and process improvements we can make to ensure we’re always improving prevention as well as remedy. With a greater emphasis on flexible and remote working, it’ll be more important than ever for organisations to get security information out to their users, regardless of location, and to ensure that appropriate training is provided.
Nick Dawson is Global Head of B2B Solutions at Samsung. Although Samsung has embraced flexible working for many years, he echoed the panel view that having more people working outside of the bounds of the office has the potential to affect security.
“We’ve got more people […] accessing more critical systems than ever before. And they’re not always aware of the dangers that they themselves pose. Most people don’t act out of malicious intent, but they make mistakes nevertheless, and expose themselves to risk.”
Marcel Van Der Heijden is Lead Partner, Deep Tech, at Venture Capitalists Speedinvest. He also sees human error as potentially the greatest threat to cyber security, which is why his organisation has been focusing on technologies that try to take humans out of the loop when it comes to security. For example, using software that authenticates users to systems seamlessly, without human intervention, or finding ways to help IT professionals deal with large volumes of security alerts, giving them the means to correlate and manage them effectively.
Looking to the future
For Marcel, it’s important for cyber security professionals to identify and monitor threats that may not be prevalent today, but could take root in the future. And so Speedinvest looks at initiatives such as post quantum security, as well, considering ways to detect and combat defects, as well as to protect the AI systems that companies are rolling out.
During the panel discussion, the group went on to debate how best to integrate the various elements of the security ecosystem, how to ensure that security doesn’t get in the way of someone just doing their job, how SMEs should budget for cyber security effectively, the role and impact of cloud services, and the mindset required to stay one step ahead of the cyber criminal.
We listen in to highlights from the discussion in episode 14 of the Blue Door Podcast.