Why people are often the biggest holes in our cyberdefenses – and what to do about it
Security assurance depends on human actions and knowledge everywhere from the mailroom to the corner office.
In response to the clear and present danger of digital threats, many businesses have intensified their focus on improving their technology and strengthening their cybersecurity. Yet a prevailing focus on IT means companies are not doing all they can to counter digital threats — increased reliance on technology alone is not the cure-all. Organizations must take the initiative to address one of the biggest holes in our cyber defense and the biggest risk factor in securing data, devices and networks: people.
More than technology, security assurance depends on human actions and knowledge. The best security technology in the world won’t work without appropriate human intervention. There is a strong need for specialized security education, training and certification for IT personnel — but it cannot stop there. To be truly effective in preventing and combating security threats, organizations need to take steps to spread security awareness and knowledge through the entire organization, from the clerk in the mailroom to the CEO in the corner office.
Based on CompTIA research and surveys, we have seen that employee behaviors don’t always follow best practices. Behaviors such as using the same passwords or log-in credentials for business and personal accounts, conducting private or financial transactions on unsecured networks, or plugging in unfamiliar USB devices are commonplace.
Organizations that fail to acknowledge and address these facts run the very real risk of landing in the headlines due to a severe digital breach. To build more resilient cybersecurity, organizations and governments must embrace the challenge of closing the technology skills gap through training and initiatives to engage a wider, more diverse cross-section of our workforce.
A broad-based, comprehensive and periodic training program – one that is both meaningful and engaging for all users in an organization – will help not just to educate but to reinforce good behaviors, by requiring the worker to demonstrate an understanding of the steps one must take to cultivate a safer cybersecurity environment.
We have also found success by partnering with city-based programs to reach underserved communities, and by partnering with professional women technology workers to encourage younger women to consider a career in IT.
CompTIA is at the forefront of cybersecurity protections, with best practices and credentials, including Trustmarks for organizations and professional certifications for IT workers, including CompTIA A+, Network+ and Security+. And we are on a mission to educate the workforce on sound cybersecurity behavior, through our Cybersecure training program, for anyone who touches a PC, laptop, smartphone or tablet.
Organizations understand the risks of insufficient cybersecurity and have invested heavily in technological solutions to counter the threats. But organizations also must take the initiative to address the individual as part of our defense, work proactively with vendor partners to ensure good practice outside our organizations, and engage our state and federal legislators on the important impacts that cybersecurity laws may have on business.
Only then will our organizations be able to truly up their game in cyberspace.
Todd Thibodeaux is the president and chief executive officer of CompTIA, the ICT Industry Trade Association. He is responsible for leading strategy, development and growth efforts for the association. Before joining CompTIA in July 2008, Thibodeaux spent more than 17 years with the Consumer Electronics Association (CEA), where he served in a wide range of roles culminating as its senior vice president of industry relations.
Follow Todd on Twitter @CompTIACEO.