Security breaches are becoming more of a promise than a threat. It is not a matter of if, it’s a matter of when. According to the Identity Theft Resource report, there have already been 300+ breaches that involved a total of over 1.3 million records in 2017. Last year they reported 980 breaches, meaning we are on track to exceed last year’s totals. These are just the numbers on the reported and confirmed breaches – it is generally estimated that 75% of breaches go unreported. Who’s to blame for these giant lapses in security?
The weakest link in a company’s security is the people who work there. They are responsible for an estimated 90% of cyber attacks. There are two main sources of employee security failures: malice and unintentional actions. The first, malicious breaches, are a result of poor screening of new employees. Thorough background checks are critical in reducing the likelihood of bringing on a person who intends to do your company harm. But the majority of employee-involved lapses are unintentional.
An article from the Identity Management Institute expands on this:
The most common, easy, and low-cost method used to steal access and other sensitive information from employees and other system users is spear phishing, which is often a fake email asking potential victims to click a URL and fill out a form on a fake website or click on attachments and links which download malware onto the users’ computing devices, leading to unauthorized access.
“Despite all the attention and resources that cybersecurity is receiving from the media, executive management, and governments, organizations still fail to protect their most valuable assets from hackers because they focus too much on network security while ignoring the employee identity theft and access exploitation risk,” says Henry Bagdasarian, the Founder of Identity Management Institute.
Human error doesn’t just lead to identity theft and access giveaway in phishing attacks. Other errors that employees and management make that facilitate security incidents include allowing inactive and orphan accounts with no ownership to exist, creating excessive numbers of highly privileged accounts, and sharing passwords.
“The main reason why we ignore the reports which point to human error as the main root cause of data breaches is the belief that only network security can stop hackers in the Internet world. This is not an accurate assessment because as organizations excessively fortify their network security with intrusion detection and prevention technology, data breach incidents continue to rise,” continues Mr. Bagdasarian.
Companies are failing to prevent cyber intrusions because they fail to address the weakest link in the information security chain, which is people (employees, contractors, customers, and vendors) who have access to systems.
It’s always easy to blame others, and harder to put fault on ourselves. But when it comes to maintaining your business’ network security, the onus is on you. Thorough training and cyber security policies are critical in teaching your team to avoid risks. It’s also important to have a robust data security framework in place. Great Lakes Computer offers a range of security and backup services that can protect your business in the event of an attack. Contact us to learn more.