Human training: just a pretty bow on the box?


At #teissLondon2018 Vijay Rathour, Partner with the Digital and Forensic Technologies Group at Grant Thornton, will be making his case for why training is a waste of money.

Yes, that’s right.

In a controversial head-to-head, Rathour will question why anyone is prepared to rest the entirety of their cyber security on the shoulders of the least trained person in the workplace.

Rathour alludes to the recent Hawaii ballistic missile incident and states, “We have to respect that human users are the ultimate beneficiaries of all of the technology we’ve got, so we need to account for the fact that they are potentially a risk factor in this ecosystem. Of course we need to train them but fundamentally why is there not a systemic security safeguard that prevented that from happening?”

Human training: just a pretty bow on the box

“Human training is essential but there must be systemic safeguards behind that to prevent that ballistic warning going out unchecked,” he adds.

Rathour thinks it’s easy to blame the humans. “From my perception, if you’re going to have multi-million dollar fines and a fallout as a result of customer confidence, surely it’s in your interest to have appropriate technical safeguards to prevent the risk of a cyber-attack, data breach and data loss. So your human training is frankly just a pretty bow on the box. You’ve got to have all that infrastructural security around that.”

Studies show, according to Rathour, that online security awareness training given to staff only improves day-to-day online hygiene by 2%. If so, is that really the best place to spend your money?

Investing in cyber security: what businesses should consider

“Understand your risk factors, what type of business you are in and the severity of the risks to you subjectively. Then you can distribute your money proportionately to address the risks that may face you as a business,” advises Rathour.

He adds: “From the perspective of the ICO (Information Commissioner’s Office), regulators, or customers – when this is all splashed over Twitter – if you can say we invested in the best security we could afford proportionately, nobody can deny that you’ve done what was appropriate.”

Spend what is proportionate for your particular risks

Rathour says: “Something is better than nothing at all. In light of the GDPR fines, if you spend nothing there will be egregious pain from the ICO, but if you’ve spent something – you’ve demonstrated you’re on a journey. Of course attacks can still happen, but if you prevent 90% of your attacks – you’re getting fairly good bang for buck.”

  • Understand what your risks are – specifically in your business
  • Spend proportionately
  • Understand that perfect security is nigh impossible to achieve

Copyright Lyonsdown Limited 2021