Many organisations are looking to address the cyber risk in the behaviours of their workforce. For some, this reflects an increased awareness of the cyber threat. For others, in the financial sector, for example, who have invested heavily in cyber security, it is because, despite their investment, they remain vulnerable.
The particular challenges they face are the ever-changing threat landscape and a workforce that, in many cases, has not received sufficient training and has to deal with an environment where it is often difficult to work securely while also meeting the requirements of their role.
Most organisations operate through a combination of technology, process and people. In cyber security, the first two actions are relatively straightforward to put in place. The third, the people, is less clear cut and less predictable.
Some people respond to training, some don’t. If an individual is unhappy at work, they might do something that they would not normally do and put security at risk. Good security training and a security culture should reduce the likelihood of this happening.
A further challenge lies in the difficulty of measuring the success of staff security…
