Addressing the role that human error plays in data breaches
Cyber attacks are now an unavoidable phenomenon, rather than a possibility. Almost every day, news comes in about another organization whose systems are taken offline or whose data is stolen as a result of a cyber attack. The nature of modern businesses means that cybersecurity shortcomings are a very real threat to their survival – and something that every employee in an organization plays a role in preventing.
Thales’ Data Threat Report 2024 shows that human factors are still a major cause of cloud data breaches. Of IT professionals surveyed, 22% said human error was the most concerning threat. Additionally, 74% cited threats from human error as a top priority. Over the past three years, human error has ranked first or second as the leading source of cyber attacks for businesses.
With so many cyberattacks coming down to simple human error – and cybercriminals often taking advantage of the human tendency to make mistakes – how can companies mitigate these human-related risks and secure their IT infrastructure?
EMEA Technical Associate Vice President of Data Security Products at Thales.
Remote work is an additional frontline in cybersecurity
Many cyber attacks can start innocently enough. Phishing emails are a common method: they trick an unsuspecting employee who may have let down their guard into clicking a malicious link or sharing compromising information such as passwords.
Passwords have long faced challenges from a security perspective. Because they place the burden on users' shoulders and rely largely on human memory, there is a high risk that people will fall back on using the same memorable passwords for multiple accounts. While conventional advice recommends using long, complex passwords for professional use, the reality is that this doesn't happen nearly enough.
Remote work has given many employees welcome flexibility in the way they do their work, but it also comes with additional cybersecurity risks. Employees are less likely to speak out and raise concerns in a remote setting, and in the comfort of home they may let their guard down, making them more likely to fall victim to phishing fraud. Flexible and hybrid work arrangements are the norm in many industries, but with so much variation in the types of networks employees use to access sensitive documents and data, the likelihood of corporate data being exposed on insecure networks increases.
The impact of data leaks
Whether operational or financial, the aftermath of successful data breaches can be devastating. Businesses can be brought to a complete standstill, not to mention the additional losses due to ransom payments and fines resulting from the breach.
There are also the longer-term consequences for reputation and customer loyalty, with the brand damage from a successful breach often lasting for a long time. Customers, suppliers and partners can also see their stories featured in the media, making the impact even greater.
From awareness to prevention
Reducing the cyber impact of people-related risks is as much a cultural and behavioral change as it is a technological change. Business leaders must be proactive in building employee understanding of the role they can (and should) play in protecting both themselves and the organization they work for.
At the same time, when establishing policy, the way in which people in the organization actually work must also be taken into account. If the rules are too strict, employees will look for unsafe shortcuts to avoid them. Whether it’s using personal devices, email accounts, or unauthorized memory storage devices, what the company has in place and what employees ultimately do can be very different – and that poses enormous risk.
The human element must be at the forefront of any cybersecurity plan. Employees should be consulted on their preferences when designing protocols to ensure there is full accessibility and understanding across all functions and departments within the organization.
Finally, businesses can also make progress by reviewing and changing the way they authenticate access to their systems and data. By moving from passwords to biometrics or other stronger, easier-to-use systems such as passkeys, businesses no longer need to rely on the human memory of their workforce – or accept the risks associated with that.
In a world of evolving threats, no company can ever realistically consider itself “done” with cybersecurity. But by considering the above, leaders will be well on their way to mitigating one of the most common ways organizations are breached – and empowering their employees in the process.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro