SoSafe CSO Explains Cyber Issues Plaguing UK IT Leaders
The cybersecurity landscape is becoming increasingly treacherous, with threats growing not only more sophisticated but also more frequent.
This is leaving security leaders grappling with challenges that demand more than just technological solutions. Recent findings from SoSafe’s Human Risk Review 2024 reveal that 85% of UK security professionals believe the threat environment is at its most perilous in the last five years.
This surge in risks has real-world consequences, with more than half of UK organisations falling victim to successful cyberattacks in the past year.
But what do security teams see as the main hindrance to fighting back against the surge in attacks? To find out more, we spoke with Andrew Rose, Chief Security Officer at SoSafe.
Understanding the growing threat landscape
According to Andrew, the spike in cyber threats is driven by three key factors: geopolitical instability, advancements in Gen AI, and the growing interconnectedness of the digital world.
“Ongoing geopolitical instability in places like the Middle East and Ukraine creates new motives, opportunities, and pathways for criminals and state actors to cause damage,” Andrew explains.
Alarmingly, 77% of security professionals agree that geopolitical tensions have increased organisational security risks.
Adding to this complexity, the rise of AI-driven cybercrime is reshaping the threat landscape.
“Nearly four in five security leaders in the UK are concerned about the use of generative AI by cybercriminals, rising to 93% for larger organisations,” says Andrew.
AI enables attackers to execute large-scale spear phishing campaigns and deploy deepfake technology, making it easier to exploit vulnerabilities faster than ever before.
The interconnected nature of modern businesses further compounds the issue.
“Supply chain attacks are a growing concern, with 85% of security professionals increasingly worried about supply chain security,” Andrew notes.
Cybersecurity is now a shared responsibility, but not all stakeholders take it seriously, leaving organisations exposed to cascading risks.
Emphasising the human factor
While technology is indispensable in combating cyber threats, Andrew underscores the critical role of the human layer in organisational resilience.
He observes, “Hackers exploit human emotions, creating urgency and panic to prompt irrational actions. Educating and training employees is vital in making security second nature.”
Building this human resilience requires a balanced investment in both technology and people.
“There’s often a misbalance between investments in technology and the human layer. Forrester predicts that by 2024, the human factor will be involved in 90% of all data breaches,” says Andrew.
Training employees to handle potential threats in a safe environment prepares them to respond effectively in real-world situations, reducing organisational risk.
Andrew also advocates for a shift away from blaming employees for security breaches. “We need to focus on empowering and protecting employees rather than blaming them. Human Risk Management is about changing attitudes and behaviour to build a sustainable security culture.”
Developing a resilient human layer
SoSafe’s research underscores the importance of using behavioural science to develop effective security programmes.
“We have hundreds of years of scientific inquiry into how people think and behave. Instead of starting from scratch, we can use this knowledge to inform training,” Andrew explains.
Techniques like simulations, storytelling, and gamification help drive behavioural change, making security a collaborative effort across organisations.
Andrew emphasises the importance of fostering a culture where employees feel comfortable reporting threats without fear of embarrassment.
“Reporting unsafe behaviour or suspicious activity should be encouraged. Security is a shared responsibility, not just the job of an overstretched security team,” he says.
By building a robust security culture that integrates human and technological defences, organisations can navigate the increasingly complex cybersecurity landscape.
“Once behaviour is influenced, individuals act with awareness and caution, becoming a consistent line of defence—far more sustainable than chasing after technological updates,” Andrew concludes.
This holistic approach to cybersecurity highlights the importance of treating employees as allies in the fight against cybercrime, paving the way for a safer, more resilient digital future.
Cyber Magazine is a BizClik brand