Your next business priority? Why you’ll be training all your staff in cyber security in the next five years
In this guest opinion piece, Costas Michalia, Group Strategic Director at Fiora, tells business leaders why they’ll be training all their staff in cyber security in the next five years.
Once the preserve of a niche team of highly trained specialists, the democratisation of cyber security is now firmly on the map. And if your company hasn’t started to consider cyber security training for your wider team, you’ll soon be adding another business priority to your list.
A recent article from Cisco led me to learn that close to 90% of businesses worldwide have been victims of phishing attacks. That’s an almost inconceivable number, and breaches tend to follow hot on the heels. These attacks are often successful because of one thing: human error. With almost 86% of those organisations having a user trying to connect to a phishing site. Artificial Intelligence (AI) and machine learning (ML) are useful tools in combating these kinds of attacks, but they can’t operate in isolation.
Taking it seriously
Security, poor passwords, lack of rotation, poor education, bad practice – it’s something that we can all be guilty of. It’s also something we’re more likely to laugh about – how many of us use the same, simple password (“I love Liverp00l FC”) across a number of work sites because it’s hard to remember more than one? We’re not currently taking it seriously, but we soon will. We need to show the same respect for data that we show for other commodities.
New tech being rolled out
Banks, and services like Apple Pay, are all trying to remove the human error element by building in facial recognition, NFC and fingerprint payment (see the latest Apple hardware, for example). Ecommerce brands including Amazon will continue to support the consumer, giving them the benefit of the doubt and refunding false purchases. This technology will increasingly be adopted by more and more B2B as well as B2C businesses. We are likely to get to a point when machine learning has identified those individuals who are constantly being compromised because of their own mistakes, and, ultimately, these individuals could start to be penalised by AI.
Education around security
As my eyes were opened to the sheer number of attacks on businesses, so we will need to educate our colleagues and communicate just how widespread the issue is. It’s no longer a case of isolated incidents picked up by the media – it’s a 24/7 problem that will only get worse as technology continues to grow in sophistication. This is where the importance of good staff training will come in – it will become as much a part of the induction process as learning how to share files and request annual leave.
The evolution of HR
The HR department is, in turn, likely to morph into something akin to People and Capabilities and as the onboarding process becomes increasingly automated, the employee will be exposed to security protocols. These could cover several key topics, including:
- How to identify phishing attacks
- Removable media protocols
- Password and authentication protocols
- Physical security
- Mobile device security
- Working remotely
- Public wifi
- Social media
- Cloud security
- Internet and email use
Hybrid working challenges
With 30% of the UK workforce classified as hybrid workers, working away from the office will remain a huge challenge. It’s no secret that there’s been a sizable increase in attacks directed at remote workers. The cloud has caused new challenges for security teams along with individuals in companies who are unable – or less keen to – adapt to new protocols. Hybrid and remote security will need to be a specific area of focus as the hybrid model shows no sign of fading away.
Likewise, the Internet of Things – including TVs with built-in webcams, Alexa devices with mics and cameras, security door bells and cameras – will cause further cyber security challenges. We are already facing a shortfall in cyber security talent – demand will only grow.
With every challenge, comes an opportunity. The focus on cyber security also provides a chance for business leaders to upskill their workforce and create a more digitally aware team. The government has promised to close the digital skills gap with its Levelling Up white paper, unveiled in the spring. Now is the right time to ensure the whole of the UK’s workforce is cyber security savvy.