MOST cyber security breaches in the home are caused by people who unwittingly enable cyber criminal access by opening bogus emails, poor password habits and poor email habits. Only 5% of breaches are caused by technology alone, writes cyber security expert James Carlopio.
For the last decade, the Office of the Australian Information Commissioner has reported on the ‘causes’ of significant breaches.
Never have more than 5% of breaches been attributed to technical or systems failures. At least 95% of breaches have always been attributed to people (human error or malicious criminal attacks).
Unfortunately, we are not putting our money, or attention, where the problems are.
I have presented at quite a few cyber-security conferences in the last 12 months. Rarely, if ever, is significant attention put on people, the focus is always on technology and so-called “technical solutions”.
While technology is necessary for cyber security success, it is no longer sufficient as we see from the fact that 95% of breaches are people-related, not technology-related.
I did a small, informal ‘study’ and asked some people about their organisations’ spending in relation to cyber security and other technology compared to their spend on people and their cyber-security-related education and training.
The average spending on cyber security related to people was about 5% of the tech-related spending! While I am not suggesting spending needs to be 50%-50%, the current imbalance needs to be redressed. If ninety-five per-cent (95%) of the problems are getting only 5% of the resources, it is time to wake up and put our money where the problems are.
Our staff, their children, parents and grandparents are getting scammed at alarming rates. Estimates suggest a mid-level cyber criminal last year made more money in one month, than the average full-time employee in Australia made in one year!?!?! We simply do not have the cyber life skills we need to stay safe online.
Our children are being exploited because we, and they, are over-sharing on social media. We are using our personal and work emails interchangeably.
We have bad password habits. Few of us know how to recognise phishing emails and phishing is still the #1 threat vector and is involved in many significant cyber breaches.
Every school needs to add cyber life skills to the curriculum. We are requiring children to use computers but not giving them the skills they need to stay safe.
Parents and grandparents are not told how to recognise deep fake audio and video and are losing millions of dollars a year to scams and are being exposed to unimaginable stress and fear.
We need a national program to increase all Australian’s cyber life skills. We at Cultural Cyber Security (CCS, www.culturalcybersecurity.com) work with many clients on improving their staffs’ cyber life skills and soon will be launching a cyber life skills program that will be available to the public.
If you are interested in finding out more, please contact me at - This email address is being protected from spambots. You need JavaScript enabled to view it.