Numerous advances in technology, specifically in the area of cryptography, telecommunications and computer security have failed to produce safer environments and do not offer adequate protection for information. The number, frequency and magnitude of information security breaches across the globe are on the rise as do the financial costs associated. It is safe to say that information security has never been a purely technical problem; it has become quite clear that technical solutions alone will not solve the issue.
There is a wealth of evidence to support the notion that the vast majority of information security breaches are caused by or have been allowed to materialise as a direct result of human errors, malicious insiders, disgruntled employees, social engineering, poorly configured systems, weak passwords and many others. We will discuss how a meaningful security culture can be developed in our organisations, including embedding positive security behaviours in the workplace. Accomplishing a culture of security is not an objective in itself, but this offers the quickest way to achieving effective and efficient information risk reduction.
