Here, the chain is the security of your organization and its cyber defense is majorly dependent on the weakest link. You already know the weakest link of an organization’s security. In the People-Process-Technology triad, the weakest link is the employee of an organization.
According to a report by HelpNet Security, 43% of UK and US employees have made errors resulting in cyber security repercussions for their organizations. It also says the top reason for being tricked by a phishing scam for 47% of employees listed is a distraction.
We’re all human; we commit mistakes. But there are a plethora of people who are trying to take advantage of every silly mistake that can cost your business tremendous financial losses. Advanced technology and security practices, no matter how sophisticated, will always be constrained by this human factor.
Organizations often forget the menacing danger that insider threats can pose.
Why do Perpetrators Target Employees?
- For IP thefts such as; thefts of source codes, contractual information, employee details, client details, and other confidential data
- To demand ransom by encrypting the data and files.
- Corporate espionage or blackmails
- To malign the public image of the firm
- To disrupt some service thereby causing substantial damages on a large scale.
Malicious attackers generally use the means of social engineering to target various verticals like healthcare, consumer internet, telecom, cloud services, and e-commerce. BFSI and Healthcare Industries are major targets of hackers to capitalize on the negligence of employees.
Social engineering is an act of exploiting human behavior to fulfill malicious intent. As per CSO Online, the number one type of social engineering attack is phishing, accounting for over 80 percent of all reported incidents.
How to Reduce the Vulnerabilities?
• In-depth training should be provided to your employees to ensure the awareness of different attack vectors.
• Regular People Risk Assessment of employees can reduce the cyber risk considerably
• To use incentive mechanism to foster the employees’ attention towards security aspect.
• Periodic Vulnerability Assessment and Penetration Testing (VAPT) reduces the threat-posture of your organization.
Enterprises that don’t give priority to proactive security awareness or risk assessment are doomed to spend a hefty amount on mitigating PR nightmares from scandalous data breaches.
According to Russ Verbofsky, CIO & CISO at the New Mexico Department of Game and Fish, “You can pay me today or tomorrow. But tomorrow includes a press release describing how we weren’t proactive in protecting our data and systems.”
