As little as one per cent of security spending goes on training and human factors, says Melanie Oldham. Yet four out of five data breaches are due to human error.
The problem is made worse by IT security’s focus on technical solutions. As Oldham argues, we tend to overlook the critical role of people.
Our guest this week, Oldham is the founder of Bob’s Business, and a Fellow of the Chartered Institute of Information Security. Her security training company is best known for the eponymous Bob, a put-upon business exec who battles to secure his operation.
But Bob is not alone. This industry, Oldham argues, needs to strip away the complexity that too often surrounds cyber security.
This is thrown into even sharper relief by the move towards widespread home working. And more organisations are realising that the top-down, tick box driven approach to security training is rarely effective.
What, then, can security professionals do? And should others, perhaps HR or even corporate communications, take the lead?
In the second of our three-part series on people and security, we try to find some answers.