Love, sweet love, is a great idea for the world. Hal David and Burt Bacharach made a great song out of suggesting that we could use more of it. However, there are also a few more things that could be added to the list. One of them is cyber-security training. A recent study by Unisys indicates that almost 70 percent of critical infrastructure providers had at least one significant security breach within the preceding year. In a ‘cause and effect’ follow-on, the same study showed that employees lacked training in cyber-security. In fact, only about one in 16 organisations (6 percent) did anything about it. So what’s the problem – complacency or lack of solutions?
Many enterprises are coming to the conclusion that security breaches will happen at some time. They realise that a zero-breach objective may be unrealistic. However, their best hopes lie in pushing such breaches out as far as possible, and in limiting their potential for damage. Complacency is not the problem: it’s fatalism. The Unisys report reveals that 78 percent of people responsible for security thought a successful attack on their industrial control and supervisory systems (ICS and SCADA) was likely within the next two years.
While security vulnerabilities will continue in vendors’ products, organisations can still do a lot to improve their situation by correctly educating their workforce. This includes training specialist IT staff to maintain applications and network software at the latest vendor release level. It also means inculcating good information security practices in staff in general. The basics of proper password management, together with strict ‘need to know’ and employee identification policies, can go a long way to help protect both a business and its personnel. It takes time, effort and patience for all concerned. But in the end, tough love like this is what it takes to keep enterprises healthy and wealthy. So in that sense, Hal and Burt’s song still has a message for organisations today too.