Staff Training 'Not enough to stop most data breaches'

Companies are leaving themselves wide open to cyber-attacks due to a lack of understanding of how to combat staff negligence, with training alone not sufficient to change employee behaviour.

That is according to a new white paper from QinetiQ, which identifies a clear disconnect between employee knowledge and their actions when it comes to cyber security.

The findings seem to back up a recent Ponemon Institute study which suggested that insider negligence is more than twice as likely to cause the compromise of accounts as any other culprits, including external attackers, malicious employees or contractors.

QinetiQ said that businesses should recognise that there is no “silver bullet” for preventing cyber-attacks and suggested that creating a company-wide security culture is the best way to affect employee behaviour.

QinetiQ senior consultant of human performance Simon Bowyer, who is co-author of the report, said: “To educate and influence the behaviour of employees is to restrict the easiest attack route into a business. When employees have a natural inclination towards security by virtue of an integrated company ethos, they are motivated to remain alert to risks and unusual behaviours.

“If firms are to stand a chance against cyber threats, firms must design their security strategy taking into account human behaviour and propensity of employees to act in a security-conscious fashion. Firms must work towards a vision, where employees recognise the importance of cyber security best practice and how even actions that we all take for granted, like checking a Facebook page at lunchtime, could provide cyber criminals with an avenue into a business.

“Cyber security is no longer the sole responsibility of the IT department. It is the responsibility of everyone. It needs to be closely integrated with the aims of the business and the entire employment lifecycle.”

Staffer arrested by the police on suspicion in the UK

City of London police investigating the suspected insider data breach at accountancy software giant Sage have arrested a 32-year-old woman, understood to be an employee of the company, in connection with the incident.

The arrest was carried out at Heathrow Airport, although it is not known if the suspect was getting on or off a plane. The move comes just days after Sage warned that employee data at nearly 300 UK firms had been accessed using an internal log-in.

The woman was arrested on suspicion of conspiracy to defraud but has since been released on police bail.

DataIQ:

 
