Empowering Businesses in 2025: How Upskilling Workforces Can Strengthen Cyber Defence

By Irvin Shillingford, Hornetsecurity’s Regional Manager for the UK, Benelux, and Nordic Regions.

The UK cybersecurity sector is booming, creating £13.2 billion in revenue and 6,600 new jobs last year, according to the UK 2025 Cybersecurity Government Report. Unsurprisingly, the surge in sophisticated cyber threats, amplified by malicious AI, has driven a demand for a more skilled tech workforce and advanced security solutions.

But the effectiveness of cybersecurity solutions relies heavily on the capabilities of an organisation's existing employees, who are often susceptible to social engineering attacks. This costly vulnerability has impacted numerous brands this year, including M&S, which will suffer a £300 million profit loss due to phishing. So, what steps can businesses take to address this cybersecurity skills gap?

The human firewall problem

The National Cyber Security Centre (NCSC) has considered prohibiting public sector organisations from paying ransomware demands to discourage targeting. Given that $459 million (£355 million) was spent on ransom payments globally in JUST the first half of 2024, the NCSC has a strong case.

However, the very existence of such a large ransom payment figure begs a fundamental question: what vulnerabilities are being exploited that lead to such significant payouts?

Cybercriminals frequently target individuals through social engineering tactics, such as phishing emails, malicious attachments, and compromised websites, to gain access to data. These methods exploit human psychology, leveraging people’s trust, curiosity, fear, and a lack of awareness about current cyberattack methods.

Consequently, people are often the critical and frequent point of weakness in an organisation's security posture, a vulnerability that is classed as the “human firewall problem.” This vulnerability is not a reflection of people’s negligence but rather a testament to the ingenuity of cybercriminals and the limitations of technical safeguards alone.

How to build up the human firewall

To effectively fortify this “human firewall,” organisations must move beyond basic security awareness training. While introductory workshops are a necessary first step, they are insufficient to address the complexities of today's threat landscape. Building a resilient security posture requires the creation of a security-conscious culture. In such an environment, employees are not just aware of cyber threats but are actively equipped through continuous and interactive cybersecurity training to identify, respond to, and avoid pitfalls.

With this in mind, a strong starting point to improve the human firewall is with the ‘mindset - skillset - toolset’ triad model:

1. Mindset: Highlight personal responsibility and self-efficacy to improve an employee's cybersecurity awareness.

2. Skillset: Effective training has to go beyond theoretical knowledge of what threat actors can do. It should include practical applications such as simulated phishing attacks. These simulations enable on-the-spot learning and create familiarity with the tactics and techniques used by attackers, enabling employees to develop the critical skills needed to recognise and appropriately react to novel threats as they emerge. Using a next-gen, AI-powered training solution, the training can be personalised to the employee, rendering it even more impactful.

3. Toolset: Introduce processes and tools that strengthen employees’ security behaviours. One example is to introduce password managers to discourage the use of the same log-ins across multiple accounts, which is often done out of convenience.

Another strategy is to enforce the principle of “least privilege,” which grants users access to ONLY the data that’s needed to perform their role. Limiting excessive access is crucial in preventing the potential for widespread data exposure and damage in the event of an account compromise. However, it is equally important to avoid overly restrictive access, which can hinder efficiency and productivity, often leading to shadow IT issues. Striking this delicate balance is where sophisticated Permission Managers are invaluable tools to work with.

Never trust, always verify

Integrating Zero Trust principles into the overarching cybersecurity strategy is another powerful layer of defence against potential breaches.

The fundamental idea of Zero Trust is that no user, device, or network should be inherently trusted, regardless of its apparent location or previous authentication. Embracing the mantra of "never trust, always verify" is a crucial element of this approach.

Furthermore, this mindset and its associated comprehensive training have to extend to all levels within the organisation, including boards and senior leadership. By actively participating in security training and demonstrating a commitment to cybersecurity best practices, leaders can drive forward that culture of security from the top down.

In a landscape where cybersecurity threats are constantly evolving, maintaining a workforce that is consistently updated on the latest developments and comprehensively trained is not just advantageous but critical for the security of all organisations.

Now is the time to proactively develop a strong human element – a human firewall – for cyber defence, so that it is in place in case of an attack.
