People can be strongest link in cyber security, says NCSC

People are often seen as the weakest link when it comes to cyber security, but that must change, says the National Cyber Security Centre

Key points from the interview:

  • The role and value of people has been overlooked
  • Have a more sophisticated understanding of how humans can be a security asset
  • Reshape the relationship between the IT security team in an organisation and users
  • Security professionals need to review how they gather information about security, so they can get the right support to discover the real problems facing their business and fix them

“Information security has traditionally been led by technology and, as a result, the role and value of people has been overlooked.” That is the view of Emma W, people-centred security team lead at the UK’s National Cyber Security Centre (NCSC).

The perception of people as the weakest link is unfair and a natural consequence of a technology-led security culture, she told Computer Weekly.

“We have not always had people working in cyber security with a deep understanding of human behaviour or the input of psychologists, social scientists and the like to tell us why people behave the way they do.

“As a result, organisations tend to treat users as people who should do as they are told, but they don’t always, and often the reason is because they can’t.

“However, these reasons are often not recognised, and instead users are seen as either being unco-operative or stupid, but this is not true and is a perception that we have to turn around,” she said.

Instead of being critical of employees who fail to adhere to unreasonable password policies, organisations need to have a more sophisticated understanding of how humans can be a security asset, she said.

The NCSC believes this indicates a need to reshape the relationship between the IT security team in an organisation and users of the IT systems.

End-users should be viewed as a positive asset who have information that security professionals do not have about how the business runs and how it needs to run, rather than be seen as a liability that has to be managed, said Emma W.

“Security professionals need to review how they gather information about security, so they can get the right support to discover the real problems facing their business and fix them,” she said.

Complete article at TechDataCenter:

https://searchdatacenter.techtarget.com/es/cronica/La-gente-puede-ser-el-eslabon-mas-fuerte-en-la-ciberseguridad-dice-NCSC