Some cyber threats are sophisticated and well concealed, infiltrating organisations and bypassing their defences, only to be discovered when the damage is already done. Others don’t need as much subtlety, because a lot of organisations don’t address glaring weaknesses in their security, sometimes out of complacency, sometimes out of ignorance.
Here are five cyber security gaps that businesses need to close.
Workforce Mobility
In the world of hybrid working, the environments in which teams work have multiplied. That means security weaknesses have multiplied as well.
- More devices are on the move than ever, as teams take their equipment between various places of work. That means more opportunities for theft or loss of technology that houses sensitive data.
- Employees who can work anywhere are at greater risk of careless security practices, like leaving an unlocked laptop open on a table at a café.
- Domestic environments can unconsciously encourage lax security behaviour, since the setting is less formal and teams may not feel ‘monitored’.
Internal threats
Disgruntled colleagues are often overlooked as a cyber threat, but that needn’t be the case, because the behaviour can be very obvious.
If a vindictive employee with the right data access is so inclined, they can easily pass information to a competitor or grant access to a cyber criminal. The signs of risk are sometimes glaring — things like frequent half-day holidays and unusual download volumes indicate a certain intent, and upon spotting patterns like that, you should reconsider the security privileges of the employee in question, especially if they’ve recently faced disciplinary action, or have displayed on their LinkedIn profile ‘Looking for new opportunities’ or an‘#OpenToWork’ profile image.
Lack of testing
Plenty of companies implement defences, but not enough test those measures. Whether they’re employed or contracted, many businesses need testers who can think like cyber criminals and try to infiltrate the network. That will expose the areas where defences are most needed, rather than leaving it to guesswork and intuition.
Passwords
Terrible password practice is a running joke in cyber security, and the NCSC demonstrated that the joke is based on truth by listing the UK’s most common passwords in order of popularity (‘12345’, ‘123456789’, ‘qwerty’, ‘password’, and ‘1111111’).
Even if all of your teams were to keep ‘strong’ passwords, advances in infiltration techniques and technology mean that they still are often not sufficient protection. Multi-factor authentication such as passwords combined with PINs, biometrics, or ID tokens are often required to maintain satisfactory levels of security.
Governance
The absence of proper cyber security leadership has a trickle-down effect on the business. Leaders are responsible for fostering a culture in which all employees take security seriously, understand it fully, and are empowered to act accordingly.
An absence of security experience or management ability at the top level is disastrous for best practice in the wider organisation.
How governance closes your security gaps
While lack of governance is its own security weakness, strong governance is the key to solving all of the above. Not only will it create a more secure environment but the business’s leaders will understand the unique vulnerabilities of the company and therefore the right measures to implement.
While it’s difficult to find and secure such specialist talent, RPI’s extensive network and industry expertise can help you discover and attract the leaders that you need. Contact people@rpint.com to secure your strategic hires and your business.