Cyber-crime is the fastest growing element in the near £40 billion a year organised crime wave sweeping the corporate world. So the inaugural North West meeting of the Security Awareness Special Interest Group (SASIG) heard. The regional event concluded that the “Human Factor” is the biggest area of concern.
SASIG meets regularly to discuss the issues facing businesses across the UK and gathered most recently at QVC’s head quarters in Knowsley, Mersyside on March 7, 2013.
Among the speakers were Helena Fearon, Director of Risk and Compliance, Trader Media Group; James McAllister, Business Continuity Manger, Mersyside Police and Chair of the BCI NW Forum; Richard Davies, Head of Information Security, QVC; and Bernadette Palmer, Head of Communications at info-security awareness consultancy The Security Company.
The discussion went over “The Human Factor in Cyber Security,” and panellists reinforced the idea that human error, ignorance omission or even malicious behaviour was at the root of all data security breaches, and worryingly common within many organisations. The only way to tackle the problem effectively was from within, they concluded, by engaging employees with security awareness initiatives and training.
UK cusinesses were urged to share intelligence, initiate awareness programmes, enthuse senior managers to get involved, use employees as “the eyes and ears” of their organisations, and create a multi-layered defence strategy that incorporates both prevention and detection.
Bernadette Palmer says: “Attendees were reminded that security awareness amongst employees depends on engagement from the top down and the role of senior managers in ensuring the success of any initiative was emphasised. The threat from both malicious and unintentional behaviour by employees presents a significant threat to companies and is to be ignored at the company’s peril. Participants were also advised that many training initiatives are rolled out too early in their awareness programmes. If employees understand ‘why’ (awareness) security is important, they are far more likely to embrace the ‘how’ (training) rather than regarding it as something onerous that must be completed once a year.” SASIG has a members’ website at www.thesasig.com.
