How has 2017 been for you? Has cybersecurity been top of mind?

There’s no doubt organisations have faced a wide range of cybersecurity challenges in the last year – from insider threats and contractors through to new regulations and skills shortages. Our team of bloggers report on these issues because we know they affect every business. So we think you’ll find this recap of our most shared blog posts useful:

1. Think your employees are the number one security risk? Think again: It’s the senior management

Effective staff training and awareness programmes are widely regarded as a vital pre-requisite for a strong cybersecurity posture. However, developing the right programme and enterprise-wide culture can be difficult, especially without buy-in from the board. Part of the problem stems from the fact that many business leaders simply are not interested in cybersecurity. They regard it as something affecting everyone in the organisation but them.

Well, here is a fact that might surprise you. In new “human vulnerability” tests conducted by NTT Security on behalf of customers wanting to evaluate their risks from all angles, we even found senior management compromised organisational security in as little as 10 minutes. Holding a mirror up to the board and senior management like this could be a great way for IT teams to secure funds and accelerate education programs, as Kai Grunwitz explains. 

2. How to bolster your cybersecurity defences in a flexible workforce

These days, the chances are businesses are using contractor staff to flex the workforce, work on specific assignments and keep the permanent employee headcount down. It’s now part and parcel in the business world. Contractors and temporary workers play a valuable role in helping organisations to operate, solve short term resource issues or provide expert skills for a finite time, but without long term commitments. Furthermore, their availability and ability to hit the ground running means they are often recruited quickly to fulfil an urgent need for the business.

This is all great news – both for maintaining business as usual and for delivering projects that require specialist skills. But there are serious implications in terms of information security risk. In this blog post, Randika Fernando explains the steps organisations can take to ensure best practice around the security and risk management of contractors. 

3. Are your employees and end users spilling the beans on social media?

It is widely accepted that employees have access to social media at work and some may be posting regular status updates throughout the day. Social media solutions are also no longer just used socially but now play a vital part in business processes, helping businesses interact with their customers as well as their other stakeholders. While this helps everyone stay connected and improves communication, it also presents new and potentially serious risks to sensitive and confidential company data.

Organisations usually take steps to detect and prevent IT and network threats; however end user behaviours and actions add new complications to the task of protecting sensitive organisational information from exposure to hackers.

The bottom line? Education and awareness should be used as a way forward to ensure social media tools can be used safely and productively within the organisation.

4. So you want to work in IT security?

With the number of high profile cyber attacks reported in the media increasing, IT security seems like an interesting place to be right now. But did you know there is actually a global information security workforce skills shortage? 

The lack of internal resource to keep pace with a growing problem of ever advancing cybersecurity threats means it’s no longer possible for many organisations to tackle all aspects of information security management in-house. Furthermore, in addition to the growing frequency and complexity of threats, the regulatory landscape is also changing. 

Stretched IT departments are struggling to keep on top of information security and the consequences can have a serious impact on the vulnerability of the business. They need more resources to manage this. They also need the right resources – not IT generalists, but people with forensic skills, industry expertise, incident handling experience, an understanding of mobile security demands, up-to-date compliance knowledge, experts in cloud security and people with the analytical skills and experience to see what others might miss. Can you see yourself taking on any of these roles?

5. NTT Security Risk:Value Report 2017 – the gaping holes in cybersecurity resilience

Businesses have been facing an unprecedented set of information security risks in 2017. They are suffering a growing number of data breaches, but their compliance risks are also mounting. Organisations must address cybersecurity and privacy, not just because they face financial and reputational fallout if they don’t, but also because regulators can penalise them for inadequate protection.

Against this backdrop, we interviewed 1,350 decision makers in businesses in 11 countries to find out how they viewed information security risk, and what they were doing to mitigate it. The findings are presented in our Risk:Value Report 2017 and, in this blog post, Garry Sidaway gives us a summary. Perhaps most shocking is that 19% of businesses admit they don't know which compliance regulations they are subject to, and just 40% believe they will be subject to the impending General Data Protection Regulation (GDPR).

We hope you enjoyed reading our most shared business posts. If you haven’t already, do take a look at our round-up of the most shared posts on our technical blog.