{{item.title}}
How many stories have we heard of a data breach occurring due to an employee mindlessly clicking a malicious link, or simply disclosing their password to someone posing as a member of their IT department? The prevalence of these events has made security professionals realise that all their efforts in implementing security controls can easily be undermined by the ‘human factor’.
Is there a solution to this ‘disruptive element’? Lisa Matomola (PwC people and organisation consultant) remarked that ‘human beings are more prone to be compliant when there is a strict consequence to their non-compliance’.
Juanita Kavandara (PwC people and organisation consultant) added: ‘We [humans] are more likely to exercise caution when made aware of the detrimental effects that our actions of non-compliance can have’. Perhaps the solution is found in changing the manner in which companies implement security awareness. Companies will do well to consider factors such as human psychology, as well as culture (organisation) and behavioural tendencies when creating security awareness programmes.
For example, incorporating realistic cyber threat scenarios in security training may be more effective in sensitising employees to the potential consequences of a cyberattack.
Consideration of these factors can also play a major role in getting the ordinary executive or board member to understand the potential consequences of a cyberattack for business, thus making it easier to fund security plans and programmes. It really does not stop there: human psychology and organisational culture can also aid in the actual implementation of security controls. For example, using single sign-on to access multiple applications can prevent users from potentially exposing their passwords by writing them down.
With everything said, we can definitely conclude that one size does not fit all when it comes to implementing security. Furthermore, companies need to partner with someone who understands their business and has the necessary skills and experience. At PwC, we are willing to become that strategic partner that will aid in the achievement of your business goals.