Which Employee Will Most Likely Expose You to Cyber Threats?

Category: Blog, Security  |  Friday, December 8th, 2017

Kon Leong from Harvard Business Review penned an excellent article about the issue of employees exposing your organization to cyberthreats through human error. Here is an excerpt:

“Today, cybersecurity has expanded far beyond its traditional domain of external threats, typified by external hackers attacking network vulnerabilities. It now includes insider threats, which are much more complex and difficult to manage, as evidenced by some very serious recent insider breaches, such as those involving Edward Snowden and Chelsea Manning. The nature of insider threats can be categorized into malicious, accidental, or negligent, and account for a combined 39% of all data breaches according to recent research.”

The 3 most targeted departments:

TechRepublic wrote: “People are always the weak link when it comes to enterprise cybersecurity—but some departments are more likely to get hit and fall victim to attacks than others.

“Everyone is susceptible to these attacks. Nobody is immune,” said Wesley Simpson, COO of (ISC)2. “It doesn’t matter what type of organization, how strong you think you are, how much money that you’re investing into your hardware and software environment to have the latest and greatest technology. We’re all vulnerable, and you can’t do it alone.”

Here are three departments that are often most likely to fall victim to cyberattacks:

  1. IT and development. They are not immune to mistakes or attacks that result in security breaches, as 2017 has proved, said Forrester analyst Jeff Pollard. For example, we saw that Amazon S3 storage buckets were a constant source of data exfiltration, often by security researchers and bug bounty hunters, but also by attackers.
  2. Finance. A large number of attacks in 2016 and 2017 targeted procurement and finance teams, Pollard said. These attacks attempted to get employees of the company to transfer large sums of money to the attackers, bypassing normal accounts payable procedures and controls. There’s no reason to believe those attacks will drop in 2018, he added.
  3. The C-Suite. C-level executives—including the CEO—are the most at risk of being hacked when working outside the office, according to a recent report from iPass. These employees often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data, making them highly valuable and highly available targets, the report found.

The Harvard Business Review article suggests four areas where you can significantly mitigate this risk:

  1. Rethink employee training
  2. Identify high-risk users and intervene
  3. Shape the solution to the human user and not vice versa
  4. Constantly adapt to changing threats

They make a few excellent suggestions on how to make a program like this really effective. Recent research by the Ponemon Institute indicates that employee training is tied as the third-most-effective method of decreasing the per capita cost of a breach, right after extensive use of encryption and assignment of an incident response team.

They recommend:

  • Consider frequent and interactive training sessions
  • It’s a case of train, retrain, and repeat
  • Use the tried and true method of simulation, sending out mock-phishing emails

They end with: “It’s true that to err is human, and humans will keep erring. But increasingly, technology and improved practices can help you identify those employees who are most at risk of exposing your company to a cyberattack — before it becomes a major problem.”

 

  • Security professionals rank user awareness training the most effective tactic to prevent and block ransomware (77%) followed by endpoint security solutions (73%), and patching of operating systems (72%) as preventive approaches to ransomware threats.

Give EnhancedTECH a call for comprehensive security training at 714-970-9330 or contact us at sales@enhancedtech.com.

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football. Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.