IT Security Guru
Employees – the weakest link to commercial security risks

by The Gurus
June 20, 2016
in Editor's News, News

Security breaches have become ever-present in our society, with news of breaches, such as those at baby care retailer Kiddicare and social media giant LinkedIn, gracing the front pages most mornings. With cybercriminals having an increasing presence within our rapidly evolving online society, scenarios such as these are likely to become an everyday occurrence unless the right measures are put in place.
The cost of the average data breach rose dramatically in the last twelve months[1], with the average cost for companies increasing to $3.79 million once lost business, compliance fines and reputational damage are taken into account. To put it another way, the average cost for each stolen record – often containing sensitive and confidential information – is $154, a number not to be sniffed at. As a result, businesses are becoming increasingly concerned about protecting the sensitive data that they hold.
Businesses need to understand how cybercriminals are increasingly gaining access to their internal systems before they can mitigate this risk. It may come as a surprise to many of you, but the days of the brute force attack are over; the bad guys wishing to infiltrate your network are now taking a much more calculated approach. According to recent research by Intel[2], internal factors are now responsible for almost half (42 per cent) of all data loss cases in the UK, demonstrating that employees are often an organisation’s weakest link when it comes to information security.
Most of this is down to phishing scams, where fraudsters attempt to acquire sensitive information (for example usernames, passwords and credit card details) or steal money by masquerading as a trustworthy entity via an email, pop-up message, phone call or text message. Once a cybercriminal has an employee’s password, obtained by a phishing scam or any number of other common social engineering techniques, they can access the entire corporate network and the sensitive data held within it.
In fact, it is getting so bad that UK-based Action Fraud reveals that it now receives 8,000 reports of phishing scams every month[3]. Email is by far the most common attack vector, with over two thirds (68 per cent) of people who reported a phishing scam saying that is how they were contacted. This compares to 12.5 per cent of people who said they were contacted by phone, 8.9 per cent who reported that they received a text message, and the rest who said they were contacted in another way.
The process of phishing is often very swift too. According to a recent report by Verizon[4], it takes cybercriminals just 82 seconds to ensnare the average victim in a phishing scam, with almost a quarter (23 per cent) of people likely to open a phishing email.
Whether it’s down to human error, a phishing scam or an intentional leak, organisations of all sizes need to embrace employee education as part of their security policies. Not only will this educate employees on the risk and potentially crippling costs associated with data breaches, it will also provide insight into the types of phishing scams that they are likely to fall victim to. By doing so, employees will have an understanding of the risk that such breaches pose to the organisation and be able to alert the IT team if they are being specifically targeted.
The problem with phishing, though, is intensified by the fact that modern techniques are getting increasingly hard to spot, even for the savviest employees. Whilst education of staff is important, it is also imperative to have a safety net so that you can understand exactly how data is moving in, around and out of your organisation.
Only by gaining greater visibility, analysis and control of all communications channels can businesses mitigate the cost of sensitive data leaving the safety of the organisation. To facilitate this, organisations need to be able to monitor each employee’s use of corporate assets at the most basic level, regardless of whether users are in-office or mobile. Cloud application control (CAC) solutions can provide businesses with this visibility and the ability to discover, analyse and control the information staff are accessing or sharing.
With the added pressures of the digital transformation impacting how and where we work, employees are increasingly opting to work outside of the traditional office environment. Because of this, businesses need to ensure that the right employees have the right access to company information and systems, no matter where they’re working from, with access privileges changing depending on whether they are in or out of the office. Multi-factor authentication can play a dominant role within an organisation’s cybersecurity strategy to help facilitate visibility of the use of cloud apps – authorised or otherwise – so that they can spot when a phishing attempt may be leading to a sustained data breach and help mitigate the associated fallout.
[1] https://www-01.ibm.com/marketing/iwm/dre/signup?source=ibm-WW_Security_Services&S_PKG=ov34982&S_TACT=000000NJ&S_OFF_CD=10000253&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&cm_mc_uid=01512328606014640999746&cm_mc_sid_50200000=1464099974
[2] http://www.mcafee.com/us/resources/reports/rp-data-exfiltration.pdf
[3] http://www.actionfraud.police.uk/news/action-fraud-reveals-that-it-receives-8000-reports-of-phishing-scams-every-month-mar16
[4] http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
