Why CEOs shouldn’t ignore the Human Factor in Cyber Security
Cyber-attacks remain common today even though security technology has improved. Attackers have been able to access company data and use it for malicious purposes by exploiting vulnerabilities in the systems. Big organizations such as Yahoo, Sony and JP Morgan have been victims of cyber-attacks that led to leakage of confidential data to the public, even though these companies have some of the best security systems in use today.
Most organizations have ignored the human aspect of securing their IT systems, yet some of these attacks have been made easier by users of those systems not following procedures and protocol, for example by not using their passwords and token password generators correctly or by sharing them with others. A good example is the 2015 hacking of the US Central Command’s Twitter account by the Islamic State, where the user failed to use the password and token generator as they should have.
Some of these incidents can be avoided by top management ensuring that the staff who manage the IT systems, or who access them, are aware of the costly mistakes that can happen and the danger they pose to the organization. In order to create a high-reliability organization, CEOs and top management should embrace the US military philosophy, which focuses on addressing the risk of human error: staff are thoroughly interviewed when hired to avoid bringing in malicious people, given extensive training on the usage of the system, and held to strict compliance and procedures that prevent mistakes.
Companies can’t depend on technology alone to safeguard their data. Focusing on reducing human error is important, and CEOs should invest in training and oversight so as to develop a high-reliability company.
To avoid attacks, users must be made aware of the risks of opening links on the internet, downloading suspicious attachments from their emails, and similar actions. Top management should create clear protocols, guidelines and procedures on how systems should be managed, who may access what and when, how users are trained on new technologies, and how they are made aware of new threats.