Staff training as important as tech in cybercrime fight - CompTIA

Organisation claims that resellers ought to focus on offering training as well as technology to customers

The channel needs to focus on getting customers' staff skilled up on cybersecurity just as much as selling them the right technology, according to CompTIA, which claims upcoming EU data-protection regulations will force the issue.

In research released today, channel trade group CompTIA claims that 70 per cent of UK businesses have suffered a security breach in the last year, with some facing an attack almost once a month. Some 60 per cent of those businesses said that human error was to blame for the breach, which CompTIA claims highlights the pressing demand to get staff trained up to avoid such issues.

The survey blamed general carelessness of staff, failure to get up to speed on new threats, and general lack of expertise in the security space as some of the biggest problems holding workers back.

With this in mind, CompTIA is launching its CyberSecure education programme, which is designed to provide a "fundamental understanding" of cybersecurity to staff across all areas of organisations.

CompTIA's vice president for skills and education for EMEA Graham Hunter said this presents an opportunity for the channel.

"We are making it freely available to our channel partners and they will have 50 licences to use," he said. "We have made a commitment and now it's about getting it out there in the market. It's about raising the bar of IT security knowledge across an organisation.

"You could say these [channel] organisations themselves need to go through some level of awareness training because they can often be the custodians of very important data by the nature of services they provide. If they are not protecting their staff in the same way, that could be an easy way in."

Hunter added that he hopes programmes such as CyberSecure will hit the mainstream in businesses' HR departments in the same way other company training packages are.

Richard Beck, head of cybersecurity at IT training firm QA, agreed and said that getting staff educated about security is important.

"The best technology in the world won't protect against the actions of an employee who, whether intentionally or through an innocent mistake, opens the door to an attack," he said. "When it comes to cybersecurity, companies often put technology first, and training trails behind in second place. But both should be deployed in equal measure."

Getting tough

From 2018, the tough new EU General Data Protection Regulation comes into force, meaning companies suffering security breaches will have to inform customers "without undue delay" and could be fined for breaking the rules.

CompTIA's Hunter added that this is a big catalyst for change in the channel.

"The incoming regulations from the EU will play a big role in how businesses shape their security practices in the future," he said. "Once the laws are implemented in spring 2018, companies that are not meeting standards will face heavy fines, meaning UK businesses will have to put security at the top of the agenda going forward and it's positive to see most are already taking steps to do this."

Robert Rutherford, CEO of business IT consultancy QuoStar, agreed that the new regulations will bring the issue to the fore.

"EU reforms can go a long way in raising general awareness of cyberattacks and the need to protect data," he said. "However, it is important that firms don't just view the new regulation as another box-ticking exercise. It is down to individual businesses to ensure training forms part of any new joiner's induction and is regularly enforced with updates as to the latest guises of cyberattacks."