CIOReview
June 2020

THE HUMAN REALITY OF CYBER SECURITY

By Henry Denner, ICT Security Officer, Gautrain Management Agency

Cyberspace. We live in it, we work in it, we transact in it, we exist in it. We spend enormous amounts of money on it, to make it better, to improve our lives and our work. While we strive to make it better, it remains one of the most unsafe places. It is rife with threats. Threats that we can't see, that we can't touch. Threats that are caused by adversaries thousands of kilometres away. At the click of a mouse or a stroke on a keyboard these adversaries can assume our identities, steal our information, our identities and our money.

Cyber security professionals are fighting a never-ending battle. Cyber criminals seem to always be one step ahead. Statistics show that security spending has been growing around 15% year on year since 2014, as cyber security became more of a priority for many organisations. So why are we not winning this battle? The answer may be simpler than you think.

As security professionals, we tend to think that the answer lies primarily in technology. This is where the problem starts. Traditionally, Information Technology (IT), and IT Security, is technology centric. We develop and implement frameworks, standards and architectures that primarily centre around technology. We understand the risks and threats that the technology faces, but we tend not to think about the business as a whole. Furthermore, IT security is seen as being IT's job, so what happens? IT does what they know best: they protect the technology. In essence this is not wrong, as our information normally resides on technology platforms. But we forget the user, the human behind the technology. Statistics indicate that around 80% of security breaches are aided by humans, either knowingly or unknowingly. Tactics such as social engineering and phishing are by far the most widely used and are also the most successful. They exploit human vulnerabilities and not technology vulnerabilities. Our response to this problem is to throw some more technology at the problem. We spend a significant amount of money on technology to fight cyber-crime, but we don't see a decrease in cyber-crime figures. This means that there is still a problem somewhere. Is it the technology, or maybe it is how the technology was implemented? The problem, in most cases, is not with the technology; it is in the way that we approach cyber security.

To effectively protect against cyber-crime, our approach to cyber security must evolve. The conversation must change from the notion of protecting technology to a notion of protecting the organisation as a whole, which includes its technology, people and processes. To assume that you are protected simply because your technology is protected is a false reality. Technology is not the solution; it is only part of the solution.

Humans must become part of our defence strategy; in fact, humans are critical to our defence strategy! Technology has not yet evolved to the level where it can actively monitor human behaviour. Sure, human actions on technology systems can be monitored and analysed, but the reality is that technology can