Webinar playback: are people your largest untapped resource for cyber resilience?
Ade Clewlow, Senior Advisor, NCC Group
From talented cyber security professionals to each employee that accesses your corporate system every day, people are the first – and last – line of defence when it comes to the cyber resilience of most organisations.
Changing working habits are also contributing to this – in an analysis of the views of 290 cyber security decision-makers, NCC Group found that 39% reported an increase in insider threats, with 51% blaming remote working for the rise.
With this in mind, investment in people and cyber skills – from the early stages of education through to all stages of an individual’s career – is an effective way to bolster cyber resilience on a large scale. But there are several challenges to overcome first.
In our latest The Big Three webinar, I spoke with Lynn Webb, Chief Information Security Officer at The Open University, Jonathan Slater, co-founder at CAPSLOCK, and David Orr, Head of Managed Services at NCC Group.
Here are the key topics we discussed:
BRIDGING THE SKILLS GAP
To build a more resilient society and business landscape, we need more skilled professionals – but how do we address the skills gap?
Jonathan Slater said that greater policy-level support, combined with the efforts of cyber security businesses, can be transformative.
“Cyber security employers can play a big role in opening doors for people,” he said, as well as supporting professionals in keeping their skill set up to date in a rapidly changing landscape.
Including cyber skills and awareness on the school curriculum can also make a real difference, Lynn Webb argued, stating that cyber awareness should be taught in early education to create greater awareness throughout an individual’s life.
THE IMPORTANCE OF A DIVERSE AND INCLUSIVE CYBER SECURITY SECTOR
Key to addressing the skills gap is ensuring that the cyber security sector is as inclusive and welcoming as possible. David Orr agrees, highlighting that in particular, diversity of thought in the industry is crucial to creating a safer and more secure world.
Lynn highlighted the importance of broadening the industry’s perception of what a cyber security professional looks like. Rather than prioritising a specific set of cyber skills, employers should look for leaders and individuals that are good under pressure, understand risk, and know what makes a great product. This way, Lynn said, the sector can appeal to a much wider pool of people.
Jonathan agreed, and told us that, at CAPSLOCK, it’s important that people are judged by their enthusiasm for learning, rather than their history and skills.
MAKING EVERY EMPLOYEE CYBER AWARE
Resilience isn’t just down to cyber security professionals. Everyone can play a part, whether their role is technical or not. As part of our research, we found that 29% of decision makers agreed that a lack of appropriate controls had contributed to a rise in insider threats – and this is where education around broader cyber awareness comes in.
David Orr said that to build resilience, organisations must focus on “technology, process, intelligence, and most importantly, people. All good and bad things happen because a human did something or failed to prevent something from happening.”
Company culture is a prime example. David said that the right or wrong culture can make a significant difference – for example, a less resilient culture could mean that visitors are not challenged when walking around a company building without a visitor badge. Ultimately, creating the right security culture comes from the leadership of that organisation.
While these are significant challenges to overcome, understanding the part that individuals, employers and policymakers play in boosting cyber awareness, is the first step to creating a more resilient society.
To listen to more in-depth insights from our panel of experts, watch the full webinar on-demand here.
Insight Space – People
This webinar playback concludes our latest edition of Insight Space which tackles the importance of people when it comes to ensuring an organisation is truly resilient.
We’ve put together technical and executive insights, case studies and practical advice focusing on how organisations can manage their people risk.
Find out more here.