Not original, but true: ‘you are only as strong as your weakest link.’ For cyber security, that weak link usually manifests itself in the people within your organisation. Over 90% of cyber breaches are a result of some form of human error.  Malicious individuals prey on human weaknesses and gaps in corporate culture.

We have found that most of these flaws can be categorised as the result of gaps in policy compliance or routine adherence. Most organisations have policies, unfortunately, often these same organisations often fail to ensure these policies are followed. Failure to comply is typically a gap in either ‘skill’ or ‘will’ – i.e. people are not aware of the policies, they don’t know how to follow the policies, or it is just easier to not follow the policies.

A few simple questions can highlight the organisational gaps:

• Have our employees read and understood our policies? How do we know?
• If policies change, do we have an effective mechanism for communicating those changes?
• If a policy were to be bypassed, or not complied with, would we even know?
• When there are failures in compliance, do we understand the ‘why’?

While some of the burden sits on ensuring that good policies are in place, it remains that even if your organisation has the best policies for addressing security, simple human behavior may render them useless. Closing this gap requires organisations to have the necessary ‘wiring’ – the systems and processes that make an organisation transparent and easy to manage – in place.

Simply put, organisations need to be Wired for Cyber Security. The simple fact is, the demands on an organisation for cyber security are constantly changing. As examples, IoT, operational technologies, 5G, AI are causing a sea-change in what is required for an organisation to be secure. Routines, trainings and policies set up one day may be obsolete within a month or a week.

Security isn’t a ‘set it and forget it’ kind of fix – a truly secure organisation needs a security mindset embedded across all layers of an organisation. Cyber security needs to be wired into every aspect of an organisation to ensure the right decisions and behaviors are happening.

Over the next few months, we will be releasing a series of blogs addressing some of the more common flaws in ‘wiring’ and the steps we believe organisations should be taking to be resilient.