Human Error Continues to Drive Numbers on Cybersecurity Attacks
Checking the box for your organization’s cybersecurity training annually doesn’t quite cut it anymore. Cyberattacks are rising yearly, and one of the top reasons is human error. Taft dives into the best approach to managing privacy and cybersecurity and how to create a more innovative, more attentive security culture.
You might think your run-of-the-mill privacy and cybersecurity training is sufficient. You might think that by “checking the box” on generic training you have fulfilled your duty and obligation to mitigate data privacy and cybersecurity attacks. You might think that general malware protection adequately secures your company’s data and you can move on with your everyday business efforts without concern. Think again.
Human error continues to be the number one driver of data breaches. Over 85% of all data breaches are caused by an employee mistake. (Source: Psychology of Human Error by Stanford University Professor Jeff Hancock and Tessian, a cybersecurity firm.) “Human error” can take many forms, from the use of stolen credentials and misuse of company information to phishing or malware links.
Cybercriminals and hackers have developed advanced and creative tactics in efforts to access and steal confidential information. Malware attacks, for example, are attacks where hackers attempt to infiltrate networks, individual computers, and mobile devices with malicious software. An unassuming click to open a link or download software is all it takes to enable a malware attack.
Social engineering tactics are often used to get employees to send bank account information or provide usernames and passwords, among other confidential information. Psychological manipulation is the bread and butter of social engineering. Such efforts intentionally target human interactions by tricking people into thinking they are receiving an email from a trusted source, perhaps a friend or a business partner. An email may contain an urgent request, display legitimate branding to appear trustworthy, request your “verification” of information, or pose as a boss or coworker. Employees need to be trained and continuously reminded to be mindful when conducting business.
Technology can only take us so far in protecting businesses and securing information from cybersecurity attacks, especially with respect to social engineering. In the hustle and bustle of everyday business, it is easy to flit from email to email, shooting off quick responses without even glancing at the subject line, or the name or email address of the sender. Some of the simplest requests from a seemingly innocuous email can lead to the leak of very valuable information. Do you recognize the sender’s email address? Are there spelling mistakes in the content of the email? Is the company or individual name familiar to you?
Cybersecurity attacks can be incredibly costly, causing financial, mental, and emotional heartache from the click of a button. Aside from financial ramifications, data breaches and cybersecurity attacks may reflect negatively on your business’s reputation, cause you to lose clients or customers, and may even lead to significant litigation proceedings and hefty government fines for regulatory violations.
The best approach to managing privacy and cybersecurity training is a proactive one. A primary goal should be to create a smarter, more attentive security culture within your business.
Adlumin Inc. is a patented, managed security services platform built for corporate organizations that demand innovative cybersecurity solutions and easy-to-use, comprehensive reporting tools.