Education vital to company security

Companies risk serious security breaches if they fail to educate their staff properly, according to a leading academic.

Addressing attendees of the Cyber Warfare 2008 event in London, Debi Ashenden, senior research fellow at the Defence College of Management and Technology, explained that employee behaviour is often overlooked when firms are securing their IT and information infrastructure.

“Lots of organisations claim to have a culture of information security but in most cases I would say that this is not true and unfounded. We need to get end users on side,” she said. “We can’t ignore them anymore. We need to move away from command and control and interact with them.”

Referring to several high-profile security breaches that have made the headlines, Ashenden argued that mistakes such as these were a result of human error, adding: “We need to find a way to make people streetwise and question core beliefs so they question this kind of behaviour before it’s carried out.”

A recent survey by PricewaterhouseCoopers (PwC) also indicated security policies alone will not increase awareness amongst the workforce, as PwC’s Chris Potter explains: “What companies are realising is that increasing security awareness is only part of the answer. The critical issue is changing the behaviour of their people.”
