1. Where is cyber risk management going wrong?
In many sectors, IT professionals have an outdated outlook.
They often see their role in cyber security as maintaining defences against external attack. The reality is, however, that most cyber-attacks are in one way or another caused by staff inside the organisation’s security perimeter.
That can be either a security slip-up or a case of falling victim to some clever social engineering on the part of the attacker to infiltrate malicious code into an organisation’s systems.
Employees can be trained to spot socially engineered phishing emails, but as a defence this can never be 100 per cent effective. Even in the most stable of organisations, someone will inadvertently click on a disguised link inside a cleverly disguised email, causing a download of malicious code. It only takes one click for an entire organisation to be breached.
2. Why does this matter if companies store their data and applications in the cloud? Surely the cloud provider will have advanced security?
The cloud has enormous advantages in scale and reduced overheads, but most cloud providers don’t provide any significant enhanced security capabilities. Even…