By JAMES NGUNJIRI
A report by the Institute of Chartered Accountants in England and Wales (ICAEW) has given updates on previous years’ insights and offers recommendations for companies’ boards – on why cyber security should be high on their to do lists. It recommends cyber security training to staff – as criminals are now targeting workers to provide unauthorized access to data.
Accidental loss of confidential company information is as a result of workers’ actions such as clicking on infected links. “Until businesses get better at linking cyber risks with business objectives, and attaching real consequences to non-compliance with expected behaviours, cyber security training and campaigns are unlikely to have the desired impact,” ICAEW report said.
The UK-based accountancy and finance body report said while training and awareness – raising activities are important, they are only part of the wider picture. Leading businesses recognize that good cyber security behaviour is a matter of organizational culture, meaning that security is integral to the values and goals of the organization with strong leadership at the heart of this cyber security culture.
According to the reports, more than 200,000 systems worldwide were hit. However, it appears that only one of every 1,000 victims paid the ransom to the attackers. An interesting bit in the report showed how some companies are testing their employees by sending them infected links to see how they will react.
Offering specific training to employees handling data (customer data and financial data) is highly encouraged. “If companies cannot keep their goods and customers safe, their ability to trade successfully will ultimately be diminished,” said ICAEW.
Similarly, companies’ boards should consider hiring correct skills – boards should get basics of cyber right by getting the right IT skilled people on their teams.