13 January 2015
Last week I read an article in Computer Weekly that claimed traditional security was putting UK businesses at risk. It was based on findings by Cisco in a recent survey and, quite honestly, I’d have to agree.
Focusing on fixing security breaches once they have happened is reactive, when actually we all need to be acting more proactively, making sure we have the ability to stay one step ahead of cybercriminals. That’s not to say we can always prevent attacks, as there are some very clever people out there, but there are still so many businesses acting as low-hanging fruit for hackers.
One of the main threats exposed by the poll, which questioned 1,000 employees across the UK, was internal, with only 58% of people surveyed being aware of major security threats to them and their company, and 37% admitting to low or moderate levels of security compliance.
So what’s the solution? In my opinion it’s a lot to do with education. We’re lucky to have an amazing team heading up our training and education programmes at UKFast. Education shouldn’t stop when you leave school and it certainly shouldn’t disappear altogether when people start working. The only way to stay ahead of the curve and keep growing and developing is to keep learning.
Having said that, I also think there’s another issue at play here, as there are still people in the security market charging huge sums of money for their products and services. As someone who has built a business from two people to two hundred people, I know how tight money can be and how many balls you can be juggling at once. So I think that we, as businesses, have a role to play when it comes to educating people about cybercrime, as well as a responsibility not to make security prohibitively expensive.
What approach do you think businesses should be taking towards security? Is employee awareness a weak link?