Friday 25 July 2014

The role of communication in effective cybersecurity

A recent study of 5,000 cybersecurity professionals has found that ineffective communication between security specialists and company executives is one of the biggest barriers to reducing the number of cyber attacks made on company computer systems.

Of the 5,000 respondents to the survey, 31 percent said that they had never sat down with an organisation’s top brass to talk about cybersecurity, while 23 percent said they met execs to discuss cybersecurity just once a year.

This is a cause for concern for cybersecurity professionals, who share a common gripe about the general lack of understanding of the link between loss of data and loss of revenue. This is hardly surprising given just how infrequently the two parties communicate.

To combat this lack of understanding and the scarcity of skills, which is particularly prevalent in the public sector, private FTP alternative providers such as Thru are being hired, via the G-Cloud, to increase awareness and improve the level of cybersecurity within government agencies.

The increase in agility

In an increasingly agile world where businesses want to be able to respond instantly to new opportunities or a change in customer demand, security can often come as an afterthought.

However, as attackers change their tactics, it is essential that cybersecurity professionals are in regular contact with company executives to increase their understanding of the new threats that arise as a result of new opportunities.

Executive teams should understand what threats the business faces, what the capabilities are within the company to defend against those threats, and whether a threat is industry specific or targeted at the business in particular. This approach makes it easier to identify weaknesses within the organisation and improve cybersecurity in the future.

Cybersecurity discontentment 

The research also revealed an underlying discontentment harboured by a good proportion of the survey’s respondents with the current security systems in place. In fact, some 29 percent of respondents said they’d like to overhaul their current security, while 13 percent said there would be no point changing anything about their current system as a determined attacker would be able to break through whatever systems were in place.

These statistics are quite telling and reveal just how underprepared many cybersecurity professionals feel in the face of increasingly sophisticated attacks.

New advice on passwords

To change the subject slightly, Microsoft has managed to increase the discontentment of a few security experts with its latest advice on passwords.

The recommendation, which flies in the face of the advice many cybersecurity professionals have been dishing out for the past decade or so, advises users to identify the importance of a particular application and assign a password of comparable strength. So, relatively weak passwords should be used to protect less important websites, while strong passwords should be used to access important applications, such as banking.

However, some experts have come to the defence of conventional wisdom, claiming this approach would be just as burdensome for consumers as choosing a strong password for every site.

In an article in TechNewsWorld, the senior director of a leading cybersecurity provider said: “Regular users have trouble distinguishing what ‘important’ and ‘non-important’ services are. Most people understand that banking is important – but the distinction is not always clear on other services.

“Password re-use is a significant threat, both to individual users and organisations. As users choose the same passwords for online and organisational services, the organisation’s exposure to attack grows.”

Does your cybersecurity team regularly communicate with the top brass? If not, do you think this approach would help to improve your security? And what do you make of this latest advice on passwords? We’d love to hear from you, so please leave your thoughts in the comments section below.


James Davies is a tech blogger and internet start-up owner based in Southend-On-Sea. When he’s not blogging for some of the UK’s most authoritative websites, James can be found paddle boarding and windsurfing. He’s not very good at either, but that’s by-the-by.
