Your company's enemy within
By Bill Dunnion
The topic of cyber security is never an easy subject. The breadth of solutions needed in this day and age to thwart attackers is at an all-time high, while breaches seem to be climbing exponentially, driving the need for those solutions.
However, through media and marketing, the belief is that the greatest enemy to cyber security is the nefarious dark-hooded hacker eagerly poised over a laptop, working feverishly to hack your system by outpacing perimeter defenses. And though this makes for good media fodder and the occasional Hollywood movie, the reality is that there is a far bigger and more serious threat to companies—and it comes from within.
Of all the breaches that happen, the majority are caused by people who work inside the company. And though that sounds frightening—and so it should—the one thing to be clear about is that, statistically speaking, it’s based primarily on people being asleep at the proverbial switch—not on malicious intent.
In fact, human error is the root cause for breaches, accounting for more than 50% of all so-called hacking incidents. It’s this error that also accounts for an estimated average data breach cost of $150 million in North America, with the global annual cost forecast to be $2.1 trillion.
The worst part of all this? The errors are downright comedic in nature and could easily be solved. The top four causes are weak passwords, sending sensitive information to the wrong person, sharing passwords and, of course, falling for phishing scams.
As it pertains to weak passwords, it’s beyond simple to fix. And for those interested I wrote an article on that very topic just a few weeks ago—you can read more about it here: Make your password simple so that it’s harder to hack. Wait …what?
Then there is the sending of information to the wrong person—we’ve all done it. You choose an email address from a dropdown as you type, but fail to notice that the Jane Smith you meant to send the report to internally was actually a Jane Smith you barely know. The solution there is nothing but due diligence. A two-second check of the recipient as part of your good email habits and that issue goes away immediately.
Now, as for sharing passwords—seriously, do I need to even speak to this? It’s 2019, this should never happen. A good education system paired with 2FA will solve this in a New York minute.
Lastly, there is the issue of phishing scams. This is a tough one as some of the scams I have seen recently are getting pretty hard to detect. Now, of course, there are phishing solutions. Real-time phishing simulations are a fast and effective way to educate users and to increase alertness levels to attacks.
The secret here is ensuring that the educational factor is top priority. And, in some ways, I honestly feel a bit of a heartbreak when it comes to educating people on cyber security practices—it ultimately means that people’s good nature and trust of the outside world is tarnished. The mindset of not trusting anything that lands in your email, links on websites, and more, is against most people’s nature. The unfortunate reality is that we must all work to be far more jaded and mistrusting of the digital world.
Finally, there is the other internal threat of the malicious actor. There will always be the risk of someone having ill intent, wanting to either expose a company’s data for some sort of gain, whether social, political, or just for money. That, of course, is an entirely different topic that is better discussed in another article.
But for the average person sitting at their desk every day, committed to their company and their job, mistakes will and do happen. It’s simply a matter of a few right tools paired with education to mitigate the risk—drastically reducing the chances of an innocent but present enemy within.