Are We Looking After The ‘PEOPLE’ in People, Systems & Processes?
In Cyber Security circles, the term, ‘People, Systems and Processes’ (P-S-P) frequently does the rounds.
My question to my professional network is – “How often do we invest in the ‘People’ factor?
Stats and evidence confirm, ‘negligence’ is one of the main causal factors for a data breach. Investing in people, their training, encouraging them to do the right thing – these are keys to building great security practices.
Many organisations forget that it is the ‘people’ who implement systems and use processes. Even with automation in place, if ‘people’ don’t follow the process, a security system cannot be successfully implemented.
Recently, we were performing an audit for a client. A staff member at the organisations had switched OFF the automated security alerting system during the testing phase, to keep the noise low. He then forgot to switch it back ON. This team member moved on from the company. No one figured this out until after 6 months and a data breach!
What I am sharing with you is not anecdotal. This happened. Keen to know what you are doing to focus on the ‘People’ piece?