By Guy Higgins
Data breaches have been making headlines on a regular basis over the past couple of years. Target, Home Depot and the Federal Government Office of Personnel Management are just three of the organizations that have experienced massive data breaches. The Ponemon Institute reports that there are hundreds of thousands of cyber attacks annually. Obviously data breaches are a major and growing problem.
I recently read a blog titled, “Turning to technology to prevent data breaches.” I was intrigued by the title because I don’t believe in “silver bullet” answers, and this seemed to imply that some technology would be a silver-bullet answer to the problem.
I was pleasantly surprised when I read the article. The author explained very clearly that, while technology must certainly be part of the solution, there is a huge improvement to be realized by educating the workforce on the threats from and defenses against cyber attacks – ways to prevent data breaches.
According to the annual Ponemom report on data breaches, a third of all data breaches are the result of vulnerabilities created by employees. This is a critical point. For a relatively tiny investment in training and education, companies can eliminate the vast majority of these vulnerabilities. Does that mean that technology is not important? Of course not, but technological defenses against cyber attacks is an ongoing and never-ending effort. For every defense that is fielded, the attackers will develop new attacks that will, in their turn, require new technological defenses. Investments in those defenses must be made, but those investments will be inadequate without a parallel investment in improving employee awareness and commitment to cyber security. The article’s author recognized the need for this parallelism when he wrote,” Cybersecurity’s future will require humans and machines to work symbiotically.”
This symbiosis cannot be achieved without educating the workforce. As Eric Konicki, general manager of Shred-it Australia was quoted in The Australian, “Every single employee; even if you have janitors employed they need to be educated as to what and how you need to proceed when handling confidential information or if you come across it.”
There is nothing new here; the workforce is the most important, and also the most versatile, resource available to any company.