I am very pleased that the very well-respected information security professional, Mr Mike Ouwerkerk, founder of Web Safe Staff, has agreed to provide a guest post. Please see his post and bio below, and if you want to know more about the innovative awareness training his company provide please have a look at their website Web Safe Staff. Thanks Mike!
Mythical Cyber Security = Unacceptable Risk
The Fantasy World
What is this mystical cyber security beast? “IT looks after that”, and “I’m not a target” people say. Anyway, it’s all a bunch of hardcore hackers sitting in dark rooms with their hoodies, powerful laptops and illegal software. They furiously type out their malicious code looking to crack the incredibly complex IT security systems of large multinational corporations.
So yay, we can relax knowing that we’re not the primary target, and anyway our company has great technical solutions in place to protect the data and systems from external threats. Everyone gets a free IT security blanket and can feel all warm and fuzzy!
The Real World
OK, snap out of it - that’s total fantasy! This is the real world we all face:
· If you are breathing, you are almost certainly being targeted by scammers.
· They will try to trick you into giving out your money or data.
· Your data can be used to make money (from you and others).
· They don’t usually waste their time on hacking IT systems, because people are easy to trick.
So yes, the unfortunate reality is that you are a massive target. Basically, everyone you know is a massive target. Your company, your job, your colleagues’ jobs, your personal information, your kids’ information, your bank accounts, your identity – they’re all at risk, and there are countless automated dragnet operations trying to catch millions of people at a time. Cross your fingers that they don’t actually do some research on you and make a scam incredibly believable because that’s how the scammers get the big paydays!
Sadly, many companies are either oblivious to the risks, or ignorant of the risks faced by their staff. They rely on technical solutions to stay safe, but statistics tell us that this just doesn’t work because most breaches are via people.
The Impact
The mythical cyber security beast quickly disappears when a breach happens. When you don’t suitably address risk, it is more likely to occur, it will occur more often, and the impact can be greater. Suddenly the impact is real, and the financial implications for companies can be staggering when considering recovery costs, downtime, mandatory reporting, reputation damage and lost customers. This is what we need to avoid, and to achieve this we need people to understand the real world, and be able to deal with the threats posed in the real world!
Demystifying Cyber Security
We need to demystify cyber security so companies get their heads out of the sand and see what’s really going on. So all staff become aware of the scams they are faced with and know that they need to be suspicious and stop to think before they act. So everyone knows they are a target, and with good knowledge they can make a massive difference by protecting their company, themselves and their family. And ultimately so that we can massively reduce the success rate of IT scams, and start winning the war against the criminals.
There are no grey areas here, this is a war worth fighting and winning!