In 2021, 62% of successful cybersecurity attacks arose from a staff member clicking on a phishing email, and 82% of all data breaches involved the ‘human element’.
Sources: Annual Global Cybersecurity Report, 2021, CrowdStrike. 2022 Data Breach Investigations Report, Verizon.
Do you trust your neighbour?
Cybersecurity is a specialist art of daily maintenance and investigation, but it is also common sense – failing to educate staff on how to spot phishing emails and failing to set role-based access controls account for the majority of cybersecurity breaches that result in punitive fines and lasting reputational damage.
Identity access management is the most important tactical aspect of cybersecurity, controlling both human and machine access by role and need to know.
Infrastructure and application security are what most people instinctively picture when thinking of cybersecurity. This is the realm of firewalls, network and hardware settings, and programmatic restrictions.
Security monitoring is important for reacting to security breaches, and threat hunting (tracking and predicting) is essential to maintain future defences.
Through indirect regulation such as the EU’s GDPR and California’s CCPA, data security is the only regulated element of cybersecurity in most countries.
Governance, Risk management & Compliance (GRC) is the most important strategic aspect of cybersecurity: the right culture is far more effective than any programmatically enforced regime.