Technology has enabled many companies and organisations to remain resilient through the COVID-19 pandemic by enabling distributed working. Not too long ago, video conferencing from home was the stuff of sci-fi and James Bond movies. For many, now it is the norm. The ability to work remotely from a multitude of portable devices has also changed our security and risk landscape. Great efforts have been made to secure the technology, yet one constant remains – people.
People are a businesses’ or organisation’s greatest asset. People are creative far beyond anything a computer can currently achieve and are driven by their own senses and feelings, but this can also make people your greatest weakness. While machines are predictable, ‘stupid’ and do as they are ‘told’, people on the other hand are unpredictable.
Like water, people will find the easiest path when sufficiently driven (or incentivised) – the path of least resistance to achieving the objective. Often that objective is the one which they are rewarded / assessed against.
Without malice bypass security controls put in place to protect a business or organisation people could unwittingly place an organisation at risk. This could be as simple as using a public dropbox to transfer sensitive data. This is only one half of the ‘people equation’. You also have the malicious actor., the threat actor or the hacker.
How to identify threat actors/hackers and cyber threats
While threat actors are extremely creative, motivated and capable people, their drivers are different. They are not always external to your organisation or business (the inside threat) and they don’t typically advertise their presence – or at least until it’s too late. So, how do you identify the threat and determine their capabilities and motives in order to best defend yourself, business or organisation? Unfortunately, it’s not as easy as finding a person with a hooded-mask in a coffee shop with a laptop. This is where an appropriate and well implemented threat intelligence solution can help.
A Threat Intelligence solution is more than just machines, a broad spectrum of people, experts and a myriad or data points. So what does an appropriate threat intelligence capability look like for you and how do you scope and implement one? Join me and Robert Dartnall on October 21 where we will be discussing this very topic.
Most of us don’t have a MI6 or a ‘Q’ of our own to help us out, so where can we start? Security starts with your greatest asset. Your people. It starts at home from, picking up a tech device, to reading the news, social media and to answering messages or emails.
Take the time to think about the potential risks before you act. Consider your surroundings, information and data you are looking to share and the method/medium and ask yourself “is it really worth the risk?”. Seek training from your employer, and if the business solutions are inappropriate, highlight this fact.