How do we educate our workforce to reduce the risk of a data breach?

Posting date: 04 Mar 2019

The role of the CISO has been elevated by a spree of high-profile data breaches dominating headlines and alarming businesses, but is it their exclusive responsibility to protect an organisation's Cyber Security?

One of the most common causes of breaches, as we discuss quite frequently, is human error.

Think of staff holding doors open to the wrong people, wearing ID badges around town, leaving monitors unlocked, storing data incorrectly or sending it to the wrong recipient.

The fate of an organisation's Cyber Security is truly in the hands of its employees, and with a bit of education we could minimise the risk of a breach. But is education really that simple?

I caught up with a CISO in my network today who said computer-based training programmes simply aren't the answer.

He said: "Education in Cyber Security is tricky, as if you introduce computer-based training to monitor people’s levels of awareness, you will be met with groans. If you tell your workforce you must do this, by this date, you’ll be tested on it and then you will have to do this annually in line with government legislation, you will receive the opposite reaction to the one you’re after.

"I’m pretty confident that if you want information to stick, information which isn’t immediately relevant to their day jobs, it’s not going to happen through computer-based testing. We need to throw this type of education away and embed it into existing training in the same way you would train your workforce not to leave a wire hanging between two desks."

I am working on a white paper which explores the Ideal CISO and how Cyber Security and HR can work together to combat a lack of security education in the office. To receive a copy of the paper, please get in touch.