The human firewall: Protecting the weakest link in the chain

10 Feb 2023

Dónal Munnelly, BT Ireland. Image: Connor McKenna/SiliconRepublic.com

BT Ireland’s Dónal Munnelly discusses the importance of cyber awareness, what companies should be doing and the wider implications of a growing threat landscape.

Cybersecurity is an ongoing issue for many organisations, with breaches making headlines on a regular basis.

And while CIOs and security leaders need to ensure there are enough resources and budget as well as a solid strategy in place, humans continue to be the weakest link in the security chain.

So how can companies go about mitigating the risk of human error? Speaking to SiliconRepublic.com, BT Ireland’s Dónal Munnelly said it’s essential to train “that human firewall” to make sure everyone has the right mindset.

“Think, pause and protect I suppose are the three keywords we would use,” he said. “There are lots of different emails that come in that look very real. They may have a sense of urgency about them, they may be enticing you to click on a link or they may be enticing you to reply to them in some way. Having that moment’s pause and just thinking about the action you’re about to take on that email is really important in terms of the protection for the organisation.”

Just yesterday (9 February), Reddit revealed that hackers obtained the credentials of one employee and were able to gain access to internal documents and code as a result.

Munnelly said that the onus should be on leaders to not only properly train their staff in proper cybersecurity practices, but to acknowledge those who report suspicious activity to help ingrain that into the organisation’s culture.

“Here at BT, we use a phrase called ‘security heroes’, so when you report something and it turns out to be true, you get an email follow-up that gives you a little pat on the back in terms of, you’ve done the right thing.”

While the human element is one of the biggest challenges for security leaders, Munnelly said there are other areas that businesses can work on to improve their posture, such as ensuring multifactor authentication is in place for users and regularly reviewing security policies.

“How often are you reviewing your firewall policies?  How often are you looking at the rules that you’ve set up or added to during the year to make sure that they’re still fit for your purpose, for your business, to protect your business and to protect  your users?”

The growing effect of cyberattacks

Munnelly also said that everyone needs to buy into the importance of good cybersecurity practices because of the increasing effect they can have on our everyday lives.

Attacks that made global news in recent years, which had a series impact on society, include the attacks on the Colonial Pipeline, JBS Foods and Ireland’s HSE.

“You saw people queuing at petrol stations, you saw beef shortages in parts of the world because of these, so we’re seeing a real day-to-day impact of cyberattacks which previously probably went unnoticed,” said Munnelly.

“As Irish citizens, we’ve seen a big impact on our own security,” he added. “We’ve all seen the phone calls, the texts, those types of activities that hackers do to try and get our data and from that, we should have a certain level of scepticism and a certain level of awareness in terms of how we interact with technology.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com