Executive Summary
The report from the ICO on the ‘surprising’ decline in personal data breaches has certainly opened up a topic of debate, which clearly leads us to think: is our cyber training and education really working?
When GDPR and DPA 18 were enforced, most organisations were initially very reactive, introducing Data Protection policies, Consent Notices and Privacy Policies, all coupled with an increase in cyber security training. In practice, the organisational and technological requirements for GDPR are in effect good cyber security practices, so this may be the answer. The ICO, however, cites the pandemic as the primary reason why breaches have fallen, although as the article further states:
“Despite what the figures suggest, cyber-attacks targeting remote workers and businesses have increased in intensity over the last 18 months. This is particularly because more employees were working from home for the first time, and thus more sensitive data has been handled across email, cloud storage and personal devices than ever before, presenting a gold mine of opportunity for hackers.”
So, can we put the drop in breaches down to more effective cyber security training and awareness? In some instances this is probably the case, where employees are better at recognising phishing attacks, spoofed websites and malicious text messages. But in reality, have the motives and objectives of the attackers taken a different path? Recent high-profile ransomware and malware attacks against large software vendors and critical national infrastructure point towards attacks that hold data and systems to ransom being more lucrative than stealing data.
Clearly our approach to handling and processing personal data has changed since the introduction of GDPR and DPA 18, but the sheer number of cyber-attacks and their increase in sophistication remain a cause for concern. Training and education remain one of the main defences against the cyber threat, and we should view our employees as a strong line of defence rather than a weakness. Similarly, we must continue to make sure data breaches remain low through best practice and by ensuring our information and data remain monitored, detected and protected at all times.
To find out more about the training and E-learning courses we offer, and how we can help your business stay secure, get in touch!