Weakest Link in Cyber-Security: IT or Human Resources?
A stark reality facing businesses today is the ever-growing threat to create and maintain cyber-security. And though the reality is pervasive, many companies still lack the best strategy for addressing it. The profundity of this concern is not a subject of debate. Companies know it’s essential. The struggle comes from coping with the potential damage to corporate image, negative impact on consumer trust, loss of revenue, liability to customers, and the ever-increasing statutes imposed by lawmakers and agencies who point the finger at businesses for failure to take charge when it comes to preventing data theft.
Cyber-attacks are real and occur frequently in the places we shop, the materials we move throughout factories, and nearly everything we take for granted. Incessant waves of computer, server, cloud and mobile hacking have led to compromised data, unwarranted access to private information such as Social Security numbers and bank accounts, and industrial espionage. The attacks on companies are countless. The Heritage Foundation reported that in 2015, “companies saw an average of 160 successful cyber-attacks per week, more than three times the 2010 average of 50 per week.” As early as 2006, Joe McGrath, at the time the president of Unisys, called the security of data and systems processes “an incredible challenge in the global/digital economy.” Even in 2017, this is still true. In fact, the problem has intensified.
Although the threat is known, businesses give little more than lip service when it comes to cyber-security. They tend to overlook vulnerabilities even as the number of mobile devices increases. Too many companies allow employees and associates to access data from either corporate-owned or private devices away from the workplace. Despite password protection and/or encryption, it’s this type of access where cyber criminals are able to penetrate servers through apps or other stealth measures.
Hackers remind us regularly
that no system is totally secure. It’s a lesson most businesses should have
learned by now. Yet as the search continues for the flaws in technology, many
companies are learning that the weakest link in cyber-security may not be a
function of technology at all. Instead, popular opinion seems to lean more
toward people as the culpable and
tenuous link, specifically those who manage and maintain IT systems. In their
ongoing quest to resolve pressing cyber security issues, perhaps the time has
come for businesses to give at least tantamount attention to the human element as
they do the technological one. By reallocating their efforts more toward the
human link, corporate America will see the wisdom in treating human resources
as their first line of defense.
Lessons Learned in Addressing Cyber-Security
An intense focus on infrastructure cannot diminish the necessity of protecting raw data and keeping it safe. To guard against cyber-security, it is essential to consider the human element and review and revise policy with three essential components in mind.