Cybersecurity is all about trust, but who do you trust?
Everyone has a network of people (and organisations) whom they trust to varying degrees, e.g. a corporate treasurer in a meeting on KYC last year said, “I’m not giving them that - they’ll only lose it, but I will tell them this.” To function, businesses and people have to trust others, even though they should check as much as possible, which is why the digital ID, KYC and AML business is so huge, as companies, banks, etc. try to protect themselves. Trust is such a huge problem that it needs sorting into manageable areas; McKinsey&Company have a useful framework.
McKinsey’s trust framework
In a November article, “A framework for improving cybersecurity discussions within organizations”, Jason Choi, James Kaplan, and Harrison Lung suggest how security professionals can create tighter bonds with some critical stakeholders by tackling the security gaps that exist between the different players:
Source & Copyright©2017 - McKinsey&Company
The authors, not surprisingly, write that companies should continually monitor their assets for the likelihood and potential severity of cyberattacks:
Source & Copyright©2018 - McKinsey&Company
McKinsey’s list of the typical questions that board members ask about the company’s cybersecurity programmes is important:
- are the company’s most critical assets being adequately protected?
- is there a robust response-and-recovery plan in place if a breach does happen?
- who actually owns the cybersecurity agenda?
- does that individual or team have the appropriate level of power and influence to mobilize the required resources?
The report’s conclusion is important: “if companies recognize the human aspect in cybersecurity and take steps to close trust gaps by introducing more transparency, they can increase the odds that their cybersecurity programs will be successful—not just in the near term, but over the long haul, regardless of the kinds of threats that may emerge.”
Trust gaps with employees
A recent study conducted by Kaspersky Lab and B2B International showed that “one tenth (12%) of employed respondents are fully aware of the IT security policies and rules set in the organizations they work for. This, combined with the fact that half (49%) of employees consider protection from cyberthreats a shared responsibility, presents additional challenges when it comes to setting the right cybersecurity framework.”
However, employees are critical to the level of fraud. As another study from Kaspersky Lab proved, staff sometimes do exactly the opposite. According to the report “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within”, careless personnel contributed to the attack in 46% of cybersecurity incidents within the last year.
CTMfile take: Trust in your colleagues, partners, and everyone makes the world work or not. Who do you trust?