Humans - The weakest link in the cyber security chain

Every year companies spend millions on cyber security, ensuring their important data is well protected from prying eyes. With an ever growing and evolving cyber threat, organisations must constantly ensure they are up to date with the latest malware and virus protection or have downloaded the latest firmware upgrade to ensure they will not be hit by the latest trending attacks.

shutterstock_248514361.jpg

According to the study by IBM/Ponemon “Cost of Data Breach Study: Global Analysis” - The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6 percent, jumping from $145 in 2014 to $154 in 2015. These costs are linked to increased costs in items such as loss of customer confidence, company downtime as well as an increase in costs of recovery. Combine these findings with the Breach Level Index (BLI) statistics that 22 records were compromised every second (1.9 million every day) in 2015 and it shows Cyber-crime has now become a very profitable and attractive profession. Nobody needs to rob a bank with a gun anymore, not when they can do it with a computer from the safety and comfort of their own homes!

Huge budgets and resources are often plunged in to online data protection and other expensive technical tools to help ensure a company’s data is secure, but when was the last time your company spent the appropriate time or money arming you? Have you ever been trained to spot a cyber attack? Or block a spammer? Do you know the difference between a phishing attack and a Trojan horse?!

IBM’s “2014 Cyber Security Index” tells us that 95% of all security incidents involve human error. So it is actually you and I, the ‘trusted employee’, that is more often than not the cause of any major data breach, whether we know about it or not! As with most criminal activities a hacker will always aim for the softest target, the ‘lowest hanging fruit’ and unfortunately, when it comes to cyber security, that usually means us, ‘the user’.

At this point a few thoughts may cross your mind, ‘this doesn’t apply to my company’, ‘Our critical information is not important to anyone else’. Unfortunately though your critical data is always important to someone. The FBI estimate that cyber criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer services. Ransomware, as this type of Cyber threat is commonly known does not have to break in to your data vault to steal your information, it just has to find a way to put a second lock on it so you can’t access it either. Once it has locked it up. You either pay for it to be unlocked, or you lose it.

One of the key finding highlighted in the IBM “Cost of Data Breach Study” was that – “Improvements in data governance initiatives will reduce the cost of data breach. Incident response plans, the appointment of a CISO (Chief Information Security Officer), employee training and awareness programs and a business continuity management strategy result in cost savings”.

As the front line operative on your computer, you are the first line of defense. In the current cyber-crime era it is now yours and your colleague’s job to protect your organisational data and information, not just the IT departments. If you feel under prepared for this task then perhaps you should ask your company security or IT department for a briefing on potential threats and weaknesses within your company IT infrastructure, or look online as there is now a huge amount of up to date research available which can get you quickly up to speed on current cyber-crime threats and trends.

  • In the meantime though, the below tips may help you to stay safe while logged in –
  • Keep your computer configuration current with the latest patches and updates
  • Choose strong passwords and keep them secure
  • Change any factory default passwords for technologies such as internet routers
  • Protect your personal information – be careful what websites you leave your personal                 details a with and also ensure you social networking profiles (Facebook, Twitter, LinkedIn etc.) are set to private
  • Secure your mobile devices by setting good passwords and not allowing 3rd party access through apps
  • Protect your computer with up to date internet security software
  • Emails and online deals that look too good to be true, usually are!
  • If you receive emails from unknown sources then do not open them especially if they have attachments
  • Encrypt your confidential data
  • Take regular backups of your data on an external hard disk/drive and keep these backups unconnected to your system
  • Report suspicious activity to your local administrator or CISO

Cyber-crime is now everywhere, it is not a case of if you or your company will get hit any more, it is now a case of when. Don’t be the one that lets the wolf through the door. Be aware, be vigilant, stay protected.

Tom Ham; Consultant and Client Services Manager

Additional Reading 

https://www.theguardian.com/world/2017/feb/12/uk-cyber-attacks-ncsc-russia-china-ciaran-martin