The phrase “weakest link in the cyber security chain” is often used when referring to people (employees/users) because they are considered to be prone to making mistakes or may be unaware of cyber security threats as they interact with technology.
You might have heard the phrase uttered over and over again by information security professionals and experts. You might have read it in literature, magazines or academic writings. Let’s face it: would you want to do more or contribute more after being referred to as the weakest link? Who would like to put in more effort? The “weakest link” does not motivate or inspire. Even if humans are indeed the weakest link (I do not believe that is the case), the response may be different if they are addressed in a way that gets the best out of them. The behaviour and attitude users have towards cyber security and cyber security initiatives can be more positive with better communication from their IT teams and organisations.
While human error has been identified as a significant cause of cyber security incidents in organisations and human-related weaknesses are being exploited through cyber-attacks, the required training is lacking in organisations. Some organisations still need dedicated training on social engineering despite the increase in phishing and other cyber-attacks. The training of employees, and their involvement and engagement in matters that concern us all, that is, the security of information assets, can lead to a reduction in the risks posed by cyber-attacks.
There are many benefits users bring to the table from a cyber security perspective. Users are quick to notice patterns or discrepancies which they can report. They also spot weaknesses and gaps in their day-to-day work before cyber-attacks can exploit them. With some encouragement, they can show more commitment to reporting cyber security incidents, which will be beneficial to the organisation.
Organisations can use their most vital asset, their people, by creating an environment that fosters collaboration, engagement, and involvement. One of the ways of making use of employees is to involve them in the co-creation of security policies and seek their feedback on the approach to cyber security within the organisation. The opinion of employees can also be sought on how to keep the organisation's information assets, as well as their own, secure. Hence, as the strongest link in the cyber security chain, employees become an effective human firewall defence that complements technical controls for keeping information assets secure and minimising the risk of cyber-attacks.