I am very pleased that the very well-respected information security professional, Mr Mike Ouwerkerk, founder of Web Safe Staff, has agreed to provide a guest post. Please see his post and bio below, and if you want to know more about the innovative awareness training his company provide, please have a look at their website Web Safe Staff. Thanks Mike!
Mythical Cyber Security = Unacceptable Risk
The Fantasy World
What is this mystical cyber security beast? “IT looks after that”, and “I’m not a target” people say. Anyway, it’s all a bunch of hardcore hackers sitting in dark rooms with their hoodies, powerful laptops and illegal software. They furiously type out their malicious code looking to crack the incredibly complex IT security systems of large multinational corporations.
So yay, we can relax knowing that we’re not the primary target, and anyway our company has great technical solutions in place to protect the data and systems from external threats. Everyone gets a free IT security blanket and can feel all warm and fuzzy!
The Real World
OK snap out of it - that’s total fantasy! This is the real world we all face:
· If you are breathing, you are almost certainly being targeted by scammers.
· They will try to trick you into giving out your money or data.
· Your data can be used to make money (from you and others).
· They don’t usually waste their time on hacking IT systems, because people are easy to trick.
So yes, the unfortunate reality is that you are a massive target. Basically, everyone you know is a massive target. Your company, your job, your colleagues' jobs, your personal information, your kids' information, your bank accounts, your identity – they're all at risk, and there are countless automated dragnet operations trying to catch millions of people at a time. Cross your fingers that they don't actually do some research on you and make a scam incredibly believable, because that's how the scammers get the big paydays!
Sadly, many companies are either oblivious to the risks, or ignorant of the risks faced by their staff. They rely on technical solutions to stay safe, but statistics tell us that this just doesn’t work because most breaches are via people.
The mythical cyber security beast quickly disappears when a breach happens. When you don’t suitably address risk, it is more likely to occur, it will occur more often, and the impact can be greater. Suddenly the impact is real, and the financial implications for companies can be staggering when considering recovery costs, downtime, mandatory reporting, reputation damage and lost customers. This is what we need to avoid, and to achieve this we need people to understand the real world, and be able to deal with the threats posed in the real world!
Demystifying Cyber Security
We need to demystify cyber security so companies get their heads out of the sand and see what’s really going on. So all staff become aware of the scams they are faced with and know that they need to be suspicious and stop to think before they act. So everyone knows they are a target, and with good knowledge they can make a massive difference by protecting their company, themselves and their family. And ultimately so that we can massively reduce the success rate of IT scams, and start winning the war against the criminals.
There are no grey areas here: this is a war worth fighting and winning!