Is cyber security an issue for only the IT department?
Cyber security is generally based on specialised technical controls put in place by the IT department to protect the data held inside an organisation. The greatest issue today, however, concerns the users of the systems where this data is held. Users represent a major risk, either through deliberate activity or by accidentally doing something unwise. Most data breaches involve weak, default or stolen passwords, and human error accounted for more than half of the root causes of security breaches to date in 2017.
One of the most common threats today is ransomware: the encryption of files by an attacker who then demands a ransom to release them. This attack is usually based on sending a targeted email to a member of staff within an organisation, who opens the attachment and looks at the file before realising it has no relevance to them. The act of opening the file typically downloads the malware onto the computer, which is then encrypted or used to encrypt other machines on the network it has access to. Not long afterwards, the ransom demands start arriving.
Instructing staff not to open links or files in unknown messages is one of the most important precautions for organisations to focus on today. While it is feasible to set up specialised technical controls that block links and connections, or prevent connections from being established, doing so tends to come at a high cost to staff productivity.
The risks from cyber attacks are no longer just a technical problem. The attacks reported in the media over the past year have often resulted in serious financial damage to the organisations involved. Everyone is at risk, whether they are small business owners or huge corporations. It has become a priority to deal with such threats at all levels within a business, with senior management needing to take the initiative in dealing with them. Such threats can't be seen as a problem only for the IT department; they need to be viewed in the same manner as all serious threats to an organisation.