A new joint report from BT and KPMG has stated that investing in IT security products alone “is no silver bullet” in the battle against cyber crime. Although investment in technology such as firewalls and anti-virus software is “essential good housekeeping”, companies must realise that there will still be other risks.
“Securing the digital enterprise: The cyber security journey — from denial to opportunity” points out that everyone in the organisation must take responsibility for maintaining high standards of so-called “cyber hygiene”, but that this often necessitates the company investing in training to raise staff awareness in order to create a “security culture”. Whereas staff are often regarded as the weakest point in the security chain, they can instead become the best means of protecting data.
The report also offers advice to all types of businesses so that they can “transform cyber security from operational risk into a business opportunity”. It emphasises that board level discussions must incorporate cyber security into the business’s overarching business strategy and warns businesses against falling into dangerous traps, which include being stuck in either the “denial” and “worry” phases or the “false confidence” and “hard lessons” phases.
However, it points out that security must enable the business rather than hampering it and that a complicated IT solution can also worsen security gaps if staff do not understand it or if it is too difficult to use.
The report can be downloaded at www.globalservices.bt.com
Subscribers to Croner-i can read more on cyber security in our recently updated Information Protection and Cyber Security topic.