By 2027, 50% of large companies will have adopted human-centered safety design practices
A hot topic right now, and a direction that security experts recommend those who are new to this approach, as well as new companies, to start looking at and learning more about, is human-centered security design. It is therefore essential to 'bring the issue into the light of day' and focus on it more and more - this will be realised at the Nordic SecTech Summit 2024, where the practice will be discussed throughout the day, both on the main stage in the opinions and figures of industry experts, as well as in a series of creative hands-on workshops.
The philosophy of human-centred security requires companies to learn to accept that the human being is the weakest link in the protection measures, as human error remains one of the main causes of data breaches and security incidents. Those who want to misuse a company's data or otherwise affect its security are getting more creative every day, coming up with new ways and techniques to fool the person on the other side, who is often already a long-standing professional in the field. And to mitigate these risks, it is necessary to have an effective plan in place to address the vulnerabilities.
By adopting this approach, the company ensures that the overall security landscape and systems are intuitive, effortless to use and user-friendly, thus reducing the likelihood of errors or circumvention of security measures by external forces.
The human-centred approach and level of management requires that the cybersecurity operating model be changed to reflect and define how work is done. Security must be linked to business value - measuring and reporting success against business outcomes and priorities. This means that every employee needs to know how to balance multiple risks such as cyber, financial, reputational, competition and legal risks and be familiar with the whole work process.
To prevent security risks and maintain an effective approach, managers need to focus on three key areas:
- The critical role of people in the success and sustainability of the security program;
- technical security capabilities that provide greater visibility and responsiveness across the organisation's digital ecosystem;
- and operational restructuring of the security function to ensure resilience without compromising protection.
Alongside these key security areas, there is also a need to continuously improve assessment practices to keep pace with changing business/organisational working practices, thereby assessing more than just technology vulnerabilities.
It is estimated that by 2027, the principles of identity resilience will prevent up to 85% of new attacks, thereby reducing the financial losses caused by breaches by 80%. Such insecure infrastructure is caused by incomplete, misconfigured or vulnerable elements of the identity fabric. And one of the additional conditions to mitigate security incidents is to choose security systems and technologies that comply with all European Union requirements and regulations.
Often, even after consulting security companies, those responsible buy the cheapest solution without even realising that it does not meet the security requirements on the application side, nor the regulatory documents, thus endangering the security ecosystem of their infrastructure. This is just one aspect of why it is important to educate the industry on these and other issues relevant to physical security and cyber security.
That is why on 17 October this year, an event will be held in Riga, where experts and professionals from various sectors will talk about the practical implementation of this approach, as well as how it can help a company to avoid losses and at the same time protect itself against malicious activities.
The Nordic SecTech Summit organisers invite everyone who has security as part of their everyday life to register for the event and find out not only the latest information, but also get answers to the questions they are interested in. The event is free to attend, but pre-registration is required as places are limited.
For more information about the event and to register your participation, please visit the Nordic SecTech Summit 2024 website: https://www.nordicsectechsummit.eu