It’s a commodity that appears to be in increasingly short supply. It’s a shame that it isn’t taught in schools. So many seem to lack even the most basic form of it.
What am I talking about? That strangely intangible concept of ‘Common Sense’.
CNET this week explained how there was a woeful lack of common sense in the realms of cyber security. Not from the cyber industry, but from everyday regular technology users. People, potentially, like you and me.
According to their article, a company called Keeper Security analysed 10 million passwords that were stolen during data breaches in 2016 and found that a whopping 1.7 million of them were “123456”. You may laugh at this finding, but as CNET point out, this illustrates how poor we are at protecting our own data.
The suggestion is that people need to develop better habits, the same common sense habits that most have, such as washing their hands after going to the bathroom or looking both ways before crossing a road. Many other suggestions are made in this CNET article on how to do that, and it is well worth reviewing, but they do admit that we are probably looking at another 10 to 20 years of repeating such messages in order to make basic cyber hygiene common sense.
The web page, Security Intelligence from IBM, popped out an interesting statistic in their recent article discussing the costs of a data breach in 2017. They said that the odds of being struck by lightning are 1 in 960,000, whereas the odds of suffering a data breach can be as high as 1 in 4.
This interesting comparison was taken from the recently published report by the Ponemon Institute. It was being used to illustrate the point that organisations must understand the probability of being attacked. But will that be enough? I doubt it, because from what I have seen as I continually review a seemingly never-ending stream of reports stacked full of statistics and comparisons, hardly any such information manages to move the needle of getting businesses to start taking preventive action.
Saying that, perhaps GDPR will be that catalyst. AM Online pushed out a story earlier this week referring to how “The UK’s first fully compliant GDPR job board, CareersinCyberSecurity.co.uk, and London law firm Hamlins LLP found that hundreds of thousands of UK businesses were leaving themselves open to “huge fines” after 73% failed to budget for the implementation of the changes they require to comply to General Data Protection Regulation (GDPR)”.
They go on to explain in more detail how there is an estimated shortfall of over 7,000 Data Protection Officers that are needed by businesses for GDPR compliance, and that hundreds of thousands of businesses are currently exposed because they do not have the right calibre of staff to deal with data protection law and practices and ensure they can honour all the obligations under these new regulations.
GDPR is, as we know, the law. It’s coming into force in May 2018 and those who after that date suffer a data breach will be looking at eye-watering fines. Isn’t it just common sense to get prepared? Of course it is, but we all know that it is in very short supply when it comes to cyber security.
For links to all these stories and more, or to contribute with some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.