The Institution of Engineering and Technology (IET) has told a House of Lords committee a basic understanding of cyber security among all company employees is critical.
Relying on a few cyber security professionals cannot provide the level of reassurance and safety required, according to IET cyber security lead Hugh Boyes.
“With the increasing use of computer-based and digital technologies in all aspects of our lives, engineers and technicians need to have a general understanding of cyber security principles.
“This is essential if we are to improve the security and resilience of our systems,” he said.
According to Boyes, most companies require all their staff to complete basic health and safety training and promote a workplace safety culture.
“Cyber security should be approached in a similar way. It is the responsibility of anyone using computer-based and digital technologies and cannot be left to a relatively small number of specialists,” he said.
The Digital Skills Committee was set up in June 2014 to consider information and communications technology, competitiveness and skills in the UK, and make recommendations.
As part of its investigation into these areas, the committee heard evidence from cyber security experts and representatives from regional digital hubs, such as London’s Tech City UK.
Few companies implementing security training
Earlier in 2014, security consultancy Schillings told Computer Weekly few UK companies are implementing effective security training for employees.
“A company can have the biggest security budget in the world, but that will not necessarily stop a person leaking data,” said Schillings delivery director of cyber security David Prince.
He said even larger UK businesses are doing little to minimise that risk through awareness training.
To keep employees on their toes, Schillings regularly sends them phishing emails to test how effective they are at identifying the threat and responding to it.
The company also runs regular data-breach scenarios to test the performance of all those in the organisation who have roles to play in the incident response plan.
“We run these exercises for clients because they are extremely useful in understanding and mitigating risk,” said Prince.
Schillings does not have any rigid awareness training schedule, but closely monitors events in the cyber security world and conducts sessions around any new developments employees should be aware of.
The company makes use of weekly general briefing sessions to highlight information security issues as and when they arise based on cyber threat intelligence gathering activities.
“Security awareness can provide vital frontline feedback on how security is handled and perceived in the organisation,” said Prince.