View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 1, 2019updated 28 Jul 2022 4:05am

Parliament: “We Need ‘Behavioural Change’ Help on Cybersecurity

Help with "behavioural and cultural change" needed to boost cybersecurity?

By CBR Staff Writer

Parliament’s procurement team is seeking a partner to help it change the wicked ways of MPs and staff when it comes to cybersecurity — saying it’s looking for an expert in “behavioural and cultural change” to maintain Parliament’s cyber-capability.

The Parliamentary Procurement & Commercial Service says it plans to roll out a “cyber capability change programme” over the next 24 months, and is initially putting out feelers with a soft market-testing questionnaire (deadline: October 14, 2019).

It’s seeking workforce capacity support, as well as cultural change…

See also: Phishing the BIRD: ECB Website Hacked

The ideal partner will support it with the following:

  • Ensuring “behavioural and cultural change to maintain Parliaments Cyber Capability
  • Creating a “target operating model review and validation for delivery of Cyber Capability”, and
  • Developing a “workforce management strategy for maintenance, development and retention of Cyber Capable personnel

The team hasn’t put a budget to the contract at this stage, saying the questionnaire will provide “a greater awareness of consultancy solutions that currently exist in the market place and to enable Parliament to see if their ambitions to deliver broader Cyber Capability & Cultural Change can be supported by an external provider.”

Read this: Microsoft Warns Over Sophisticated, “Peculiar” New Malware using Node.js

Like any enterprise workspace, Parliament is no-doubt struggling with the perennial issue of staff clicking phishing/whaling links; one of the most enduring behavioural challenges for businesses and a key vector for broader cybersecurity attacks.

It will find no shortage of businesses dedicated to user awareness of malicious urls, elegantly spoofed emails purporting to be from ministers, and other such campaigns.

As the NCSC notes, however, relying on users to change their behaviour/spot malicious campaigns will only have limited success.

Content from our partners
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer

“Instead, you should widen your defences to include more technical measures.”

As the NCSC notes, various resources exist to help users spot the common features of phishing messages, such as urgency or authority cues that pressure the user to act. CPNI’s Don’t Take the Bait! Campaign provides a range of materials to support this.

Topics in this article: , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU