Risk assessments focusing on the people, processes and technology overemphasize the information technology organization. The critical focus needs to be on the “user”–since even a world-class information technology function can be interrupted by a single action performed by an individual user. Internal audit needs a fresh perspective that emphasizes the individual user–who is the front line of cyber readiness–in addition to any administrative, physical and technical controls. This whitepaper will provide a framework for conducting internal audits to evaluate three key elements of preparing users to be threat-ready.
Cyber-attacks aren’t just getting more frequent, they are also becoming significantly more vicious and sophisticated. Gone are the days when an obviously fraudulent email arrived from a foreign country asking for a bank account number. Today’s cyber-attacks are far more targeted and subtle, and the stakes are high regardless of company size or industry – no one is immune. A cyber breach can devastate a company, and carries the far-reaching negative impacts that continue to ripple outward long after the initial financial losses. These indirect damages include a tarnished brand reputation, lost relationships, and possible legal liability.
Cyber criminals count on the fact that busy people perform hundreds, if not thousands, of daily actions on a computer or device connected to the internet and they know that most of those actions are performed automatically and without much thought. As a result, the majority of today’s data breaches result from human error, making cybersecurity a “people problem” as well as a technology issue. The solution to this people problem goes beyond IT, and it can’t be solved by purchasing new hardware or software or implementing sophisticated and thorough network testing. Instead, it involves cultivating an entirely new employee mindset around cybersecurity–one that is motivated by more than facts and fear, one that is based on continually raising awareness and putting secure actions and decisions at the forefront of the company culture.
Discover the three elements required for companies to build an effective human firewall in this publication.