
Humans better key to combatting cybercrime than technology

A human-centric approach to stopping cybercriminals is recommended by experts (Image via Creazilla)

Analysts have outlined strategies for beating cybercriminals but focused on a more human-centric approach rather than advanced technology. Paul Budde reports.

AT REGULAR INTERVALS, I have discussed the cybersecurity situation in Australia. In those assessments, I wrote about my frustration that the previous government policies more or less resembled a fire brigade approach. They tried to address individual incidents with regulations and legislation, rather than coming up with a holistic strategy. I also reported earlier this year that finally such a strategic approach was announced by the current Government.

However, the current TikTok approach is just another whack-a-mole reaction. All social media platforms have been used by criminals and foreign powers for monetary or political gain, yet we only now limit the use of TikTok for people in government, which is not even effective. I am scratching my head.

The following research from analyst firm Gartner provides some good guidelines for such a holistic approach. All of these issues need to be addressed in order to develop a proactive and, most importantly, more effective national strategy. It will always be a cat-and-mouse game with cyber criminals, but at least with such an approach, we have a better chance to limit the damage and catch those messing with the digital world.

As the world continues to rely heavily on technology for business operations, it has become increasingly important for organisations to prioritise cybersecurity. However, according to Gartner, traditional approaches to cybersecurity are no longer enough to keep up with today's ever-evolving threats. To address this issue, Gartner has identified nine top industry trends that security and risk management leaders must consider when rebalancing their cybersecurity investments.

One of the key trends identified is the need for a human-centric approach to cybersecurity. In other words, organisations must focus not only on technology but also on people when designing and implementing their cybersecurity strategies. This involves considering how employees interact with technology and implementing measures to mitigate risks associated with human error.

A human-centred approach to cybersecurity is essential to reduce security failures. This can be achieved by focusing on people in control design and implementation, as well as through business communications and cybersecurity talent management. By doing so, organisations can improve their business-risk decisions and cybersecurity staff retention.

Another trend identified by Gartner is the need to enhance people management for security program sustainability. This involves developing a comprehensive approach to talent management, including attracting and retaining skilled cybersecurity professionals, providing ongoing training and development, and fostering a culture of security awareness throughout the organisation.

In addition to these people-centric trends, Gartner also identified several technology-focused trends that security and risk management leaders must consider.

These include:

  • Transforming the cybersecurity operating model to support value creation;
  • Threat exposure management;
  • Identity fabric immunity;
  • Cybersecurity validation;
  • Cybersecurity platform consolidation;
  • Composable businesses need composable security; and
  • Boards expand their competency in cybersecurity oversight.

‘Transforming the cybersecurity operating model to support value creation’ involves aligning cybersecurity strategies with business objectives, creating a culture of innovation and continuous improvement. This requires a shift away from traditional reactive approaches to cybersecurity and towards a proactive and agile model that can quickly respond to emerging threats.

‘Threat exposure management’ involves identifying and assessing potential security risks and vulnerabilities and implementing measures to mitigate them. This includes implementing robust access controls, monitoring systems for suspicious activity and conducting regular risk assessments.

‘Identity fabric immunity’ involves implementing identity and access management (IAM) solutions to protect against identity-based attacks. This involves using a range of technologies and techniques, including multi-factor authentication, biometric identification, and behavioural analytics.

‘Cybersecurity validation’ involves testing and verifying the effectiveness of cybersecurity measures and processes. This includes conducting regular penetration testing, vulnerability assessments, and security audits to identify and address any weaknesses.

‘Cybersecurity platform consolidation’ involves streamlining and consolidating cybersecurity tools and technologies to improve efficiency and reduce complexity. This includes using integrated solutions that can provide comprehensive security coverage across multiple systems and applications.

‘Composable businesses need composable security’ involves adopting a flexible and adaptable approach to cybersecurity that can support the changing needs of a dynamic business environment. This requires a focus on interoperability, modularity, and flexibility in security architectures and solutions.

Finally, ‘Boards expand their competency in cybersecurity oversight’ involves ensuring that boards have the necessary knowledge and expertise to provide effective cybersecurity oversight. This involves providing regular cybersecurity training and education for board members and developing clear governance frameworks and policies to guide decision-making.

In conclusion, cybersecurity is an essential consideration for any organisation operating in today's technology-driven world. However, to be effective, cybersecurity strategies must evolve to keep up with the changing threat landscape. By adopting a human-centric approach to cybersecurity and considering the nine trends identified by Gartner, security and risk management leaders can ensure that their cybersecurity investments are well-balanced and effective in mitigating today's cybersecurity risks.

Paul Budde is an Independent Australia columnist and managing director of Paul Budde Consulting, an independent telecommunications research and consultancy organisation. You can follow Paul on Twitter @PaulBudde.
