Which Employee Will Most Likely Expose You to Cyber Threats?

Category: Blog, Security  |  Friday, December 8th, 2017

Kon Leong from Harvard Business Review penned an excellent article about the issue of employees exposing your organization to cyberthreats through human error. Here is an excerpt:

“Today, cybersecurity has expanded far beyond its traditional domain of external threats, typified by external hackers attacking network vulnerabilities. It now includes insider threats, which are much more complex and difficult to manage, as evidenced by some very serious recent insider breaches, such as those involving Edward Snowden and Chelsea Manning. The nature of insider threats can be categorized into malicious, accidental, or negligent, and account for a combined 39% of all data breaches according to recent research.”

The 3 most targeted departments:

TechRepublic wrote: “People are always the weak link when it comes to enterprise cybersecurity—but some departments are more likely to get hit and fall victim to attacks than others.

“Everyone is susceptible to these attacks. Nobody is immune,” said Wesley Simpson, COO of (ISC)2. “It doesn’t matter what type of organization, how strong you think you are, how much money that you’re investing into your hardware and software environment to have the latest and greatest technology. We’re all vulnerable, and you can’t do it alone.”

Here are three departments that are often most likely to fall victim to cyberattacks:

  1. IT and development. They are not immune to mistakes or attacks that result in security breaches, as 2017 has proved, said Forrester analyst Jeff Pollard. For example, we saw that Amazon S3 storage buckets were a constant source of data exfiltration, often by security researchers and bug bounty hunters, but also by attackers.
  2. Finance. A large number of attacks in 2016 and 2017 targeted procurement and finance teams, Pollard said. These attacks attempted to get employees of the company to transfer large sums of money to the attackers, bypassing normal accounts payable procedures and controls. There’s no reason to believe those attacks will drop in 2018, he added.
  3. The C-Suite. C-level executives—including the CEO—are the most at risk of being hacked when working outside the office, according to a recent report from iPass. These employees often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data, making them highly valuable and highly available targets, the report found.

The Harvard Business Review article suggests four areas where you can significantly mitigate this risk:

  1. Rethink employee training
  2. Identify high-risk users and intervene
  3. Shape the solution to the human user and not vice versa
  4. Constantly adapt to changing threats

They make a few excellent suggestions on how to make a program like this really effective, which matters because recent research by the Ponemon Institute indicates that employee training is tied as the third-most-effective method of decreasing the per capita cost of a breach, right after extensive use of encryption and assignment of an incident response team.


They recommend:

  • Consider frequent and interactive training sessions
  • It’s a case of train, retrain, and repeat
  • Use the tried and true method of simulation, sending out mock-phishing emails

They end with: “It’s true that to err is human, and humans will keep erring. But increasingly, technology and improved practices can help you identify those employees who are most at risk of exposing your company to a cyberattack — before it becomes a major problem.”

  • Security professionals rank user awareness training the most effective tactic to prevent and block ransomware (77%) followed by endpoint security solutions (73%), and patching of operating systems (72%) as preventive approaches to ransomware threats.

Give EnhancedTECH a call for comprehensive security training at 714-970-9330.


Source Image: https://www.pexels.com/photo/photography-of-people-using-smartphones-1413653/
