Human risk prevention
By focussing on your people, you can greatly improve your organisation’s security posture. This isn’t about watching what your users do but looking for abnormal and unusual behaviours that could indicate a security risk.
Cyber Security tends to focus on technology and securing the organisation against outside threats. It is often forgotten that a significant proportion of breaches come from your own users or “malicious insiders”. Cyber criminals actively work to exploit your people rather than your technology – as this is easier. If your users have poor cyber security awareness, then it doesn’t matter how much you spend on technology, you’ll always have a vulnerability. How you successfully improve the cyber awareness levels of your users, monitor risky and malicious behaviours to prevent any damage, by mistake or otherwise, is critical to a modern security strategy.
Common tactics
Phishing – in the broadest sense, phishing is any attempt to persuade someone to interact with an unsafe email. Phishing emails are used to trick recipients into opening unsafe attachments, clicking unsafe URLs, handing over account credentials or sensitive information, transferring money, and more. Email Fraud – these attacks can consist of an email, or series of emails, purporting to come from a senior person in your organisation asking the recipient to transfer money or send sensitive information. It does not use malicious attachments or URLs, so it can be hard to detect and stop.
Technology alone isn’t enough
Cyber Security solutions in the main look to secure organisations using technology. In addition, those technologies are too often designed to only detect threats which originate from outside the organisation. We now know that technology alone isn’t enough – employee awareness about cyber security and the threats they are susceptible to are critical to successful cyber security. New tools can help you understand which of your users are demonstrating risky behaviours and need help, as well as those looking to deliberately damage your organisation. Malicious insiders could be an employee or user that has criminal intent to defraud or maliciously damage your organisation. Research by the Ponemon Institute found that 23 percent of incidents involved an insider.
Why Trustmarque
We understand that for most organisations’ security today isn’t straightforward. Our experts will help you simplify the inherent complexity of cyber security and ensure that you find and implement the right solutions for you.
With over 20 years’ experience, we have built a well-established, award winning, customer focussed cyber security team. They know that our customers are at different points in their security evolution, and achieving your desired state isn’t a one size fits all approach.
Factors like digital transformation, increased volume and sophistication of attacks, compliance obligations and overall appetite for risk make your security challenges unique to you. Trustmarque’s portfolio of cyber solutions and strategic partner relationships mean we can deliver professional services, technology and 24×7 UK based managed services to meet every one of your organisation’s cyber security needs.
