RMIT Deputy Dean of School of Business & Management Professor Robert McClelland said that the challenge of cybersecurity assurance requires more than technical measures to overcome.
“Technical measures have been effective and robust in preventing cyber risks from information security breaches”, Professor McClelland said.
“However, research also shows that a majority of organisational security incidents are directly and indirectly caused by employees who violate or neglect the information policies of their organisation, thus, employee compliance choices are critical to organisational security.
“Even though the ‘human factor’ has been recognised as the weakest link in creating safe and secure digital environments, human intuition may also be the solution to thwart and prevent many cyber threats.”
Participants had the opportunity to hear from Professor Matthew Warren, Director of the RMIT Centre for Cyber Security Research and Innovation (CCSRI), an experienced, proven cyber security and academic leader.
During his keynote speech, Professor Warren presented the link between human resources and the complexity of maintaining security.
Professor Warren said that over the 2020-21 financial year, the Australian Cybersecurity Centre identified 67,500 cybercrime reports, and that the self-reported losses from cybercrime during this time were worth more than AU$33 billion [VND 540,773 billion] in total.
“Common human-based cyber-attacks are scams, hoax software [tricked into installing malware], phishing, spear phishing, whaling, ransomware, which all aim at collecting users’ details and passwords or delivering malware/ransomware.”
Professor Warren introduced a new concept where human resources plays a key role in protecting organisations against cyber security threats.
“There has been a traditional focus on the role of technology to protect organisations against cyber security threats,” he said.
“The Human Security Firewall concept, however, is the collective organisational human knowledge, capabilities and skills, training, and resilience to deal with those threats.
“This Human Security Firewall has to be trained, updated and renewed to ensure the best protection for organisations.”
Professor Warren emphasised the role of human resources within organisations in successfully implementing the human firewall, including dealing with different staff types, dealing with cyber security related disciplinary matters, revoking passwords and access as part of the Staff Departure Protocols, keeping the human assets within the organisation, and recruiting new cyber security staff.