October is a special month for many more reasons than you might think, beyond the delights of Oktoberfest and Hallowe’en, it’s also Cyber Security Awareness Month. For those of us in the risk sector, this is big. For any business with a foot in the digital game, keeping tabs on cyber security is an essential part of risk management and mitigation. This year’s theme is “Do your part #BeCyberSmart”, really emphasising how important it is for every individual to be doing their part in cyber security to benefit the entire team.
This is something those in risk management are already extremely comfortable with, where the actions of individuals in an organisation can have a massive impact on Risk for the whole team. In cyber security, this really does come down to even the most minute decisions of the individual. Whether a team member keeps their anti-virus updated, or makes sure their passwords are sufficiently strong, or even how they manage secure data on work or personal computers, it all has a massive impact on the potential threats to the business as a whole. From a risk perspective, the strong relationship between individual risk management and enterprise risk management is clear. It is rare to see such a strong link, and it’s even rarer to see such a relationship that affects businesses from virtually every sector.
The situation has been massively exacerbated by the recent coronavirus pandemic, as many employees are unfortunately (or fortunately in some cases) obliged to work from home as offices shut down temporarily. This has brought quite the challenge for both risk and cyber security professionals, as the situation now places much greater focus on the actions of individuals working from home, who are now expected to manage their own risk and cyber security rather than relying on the protections of their organisation. The challenge is even harder for businesses that deal with secure or sensitive data, as the new working arrangements give rise to cyber-attacks that target individuals working remotely to access the business’ secure data.
We’ve seen recent examples of this , not least the very high-profile breach of Twitter secure data being accessed by cryptocurrency scammers. An employee who was not directly linked to secure data had their cyber security bypassed, and this breach was used to great effect by the cyber attackers to access sensitive and private data. The event served as an eye-opener for many multinationals, of how essential it truly is to take a holistic approach to cyber security and how key education is for all employees. Again, this has been clear to risk experts for some time, but a case study in as high-profile a business as Twitter, that received so much news coverage, has brought the message home to businesses from every sector.
Working from home is set to continue into 2021, and with quite a few professionals deciding they quite like this setup, the outlook is challenging for cyber security professionals, and we don’t envy them one bit. Cyber-attacks have been on the rise since the start of the lockdown, and education on cyber security takes time, putting massive pressure on CISOs to minimise the risk faced by their organisation. That’s exactly why we think the theme for this month’s Cyber Security Awareness Month is so pertinent. We have to be working together with staff from every part of our organisations to make sure cyber security is up to scratch, and to make sure everyone is educated on their risks and responsibilities as part of the team. Everyone has to “do their part” to minimise the risk to the organisation as a whole.
Looking ahead to the latter end of 2020 and into 2021, many firms are starting to get even more serious about cyber security, and cases like the Twitter breach, attacks on UK universities, and even the UN’s International Maritime Organisation, have all played a part in encouraging other businesses to upgrade their security. We’re hopeful for the future of cyber risk, the current signs look promising for a sector that is aware of how impactful its risk can be. A cyber security breach can impact every part of the business, and even clients and customers in some cases. Teams working across every sector are passionate about the cause, and that’s sometimes the most important thing.
This October, we implore you to get involved in Cyber Security Awareness Month. Keeping tabs on your security is such a simple way to minimise risk, and cyber security teams are working hard to improve education and accessibility for individuals from every walk of life.