Published by Skills for Justice
Understanding the three pillars of cyber security
Date 27.09.19
What is cyber security?
Many people will wrongly assume that cyber security is all about technology, and if you have a piece of software or system in place that protects your organisation, nothing can go wrong.
The common misconception that technology is the only factor determining whether your organisation is secure is a huge risk not only to the public and service users, but also to your staff. Technology is of course a key component in reducing the risk of cyber-attack, but there are two other considerable factors that many may neglect.
Cyber security is essentially one element that needs careful consideration, forming part of your organisation's overarching information security management processes. The three pillars of cyber security focus on People, Processes and Technology.
What are the three pillars and what do they mean?
As mentioned, cyber security is based on three pillars. For the most part, technology and process can be implemented and support organisations in delivering a robust plan to tackle cyber security. The third pillar, which focuses on people and behaviour, may mean organisations need to consider a long-term approach to embed good working practices amongst their workforce to enhance cyber security.
‘People’ naturally is the pillar that has the most risk associated with it, as human error and human intervention are more difficult to predict and guarantee than systems and software. Training, awareness and resources are therefore key to supporting the workforce in being the ultimate defence against cyber-attacks.
‘Processes’ are an element of the three pillars that ultimately rely on having the right technology and the right training of people, in order to be successful. Processes could include auditing, frameworks, risk assessments and the use of management systems to support best practice. Processes rely on the people who follow them, and the training your workforce receive to be able to adhere to them.
‘Technology’ is of course crucial to managing and reducing the risk of cyber-threats to an organisation, particularly in the public sector, where records and potentially sensitive data are shared across hundreds of people, systems and buildings. On a local and national level, police and public sector organisations simply could not survive without access to this data, and there have been several instances that have shown just how reliant we are on technology and access to data. The more that the policing and public sector workforce rely on technology and systems to provide better services, the more critical it is to have the correct software in place to protect those processes and access to data. Technology is, however, only as good as the people using it, so it’s vital to choose technology that meets the needs of the workforce and is simple yet effective for staff to manage.
It’s vital that every person in your workforce, including volunteers and contractors, is aware of their role and responsibility in reducing the risk of cyber threats. Individuals in your workforce may need additional training to enhance their knowledge, particularly if handling sensitive data such as public and staff records. Nonetheless, all staff in the workforce need a basic level of training and awareness, to reduce the risk of cyber-attacks.
How can the police workforce and wider public sector improve cyber security?
Technology and how it is implemented to support the UK public sector has been top of the agenda for some time, with several new initiatives from public sector bodies to use technology and innovation to improve services and meet growing workforce demands.
With new technology come new challenges and risks, and it’s crucial for public sector leaders to identify these risks when implementing any new technologies or processes in their organisation, as well as maintaining cyber security throughout their existing channels.
Ultimately, ‘people’ are the number one factor that can make or break a robust cyber security programme for organisations. With appropriate training, awareness raising and guidance, employers can support the workforce to be the ultimate defence against cyber threats.
Every person working in any public sector organisation has a responsibility, and employers have a responsibility to support their workforce with ongoing training.
Skills for Justice have recently launched a new partnership with CybSafe, the world’s first intelligent cyber security awareness, behaviour and culture platform that reveals and responds to reliable metrics and data-driven insights to actively manage human cyber risk. The new partnership is perfectly suited for public sector organisations to understand, train and embed cyber security best practice, and ensure the policing, fire and rescue and local government workforce are well-equipped to manage cyber threats.
Want to know more about CybSafe? Get in touch today.