Terry Greer-King, Director of Cyber Security, Cisco UKI comment response to Arbor Networks’ new Ponemon Institute Survey announced
May 2015 by Terry Greer-King, Director of Cyber Security, Cisco
The best way to mitigate risk is to assume that an attack is already occurring by adopting an approach to security that addresses the entire attack continuum – before, during and after. Recent research from Cisco reveals that companies with a low level of security sophistication are characterised by unpredictable, ad hoc and often, reactive security processes. In striving to mitigate external threats and reduce dwell time, companies must invest in a holistic approach to security. This starts with the executive leadership team prioritising security as a business risk. Cisco’s Annual Security Report reveals 91 percent of organisations with sophisticated security processes believe the company’s executives consider security as a high priority.
While deploying and continually optimising security policies and procedures is undeniably essential, it is equally important to ensure they are well documented, and clearly understood by each employee and every user. In doing so, employees themselves will be educated and motivated to adhere to the organisation’s security processes and accept responsibility on the individual level. Considering Cisco research exposes employee behaviour as the second greatest risk to organisational security, following cybercrime, this is absolutely critical.