Employee errors risk companies’ data security

Employee error remains one of the biggest weaknesses in firms’ fight against cyber attacks, with many failing to implement even half-decent defences.
A number of simple steps can be taken to limit the risk of simple employee mistakes triggering cyber attacks, according to Verizon investigative response managing principal, Laurance Dine.
“Awareness and training is a way to combat that. Another thing to do is to encrypt your data so if it gets sent to the wrong person then at least they don’t have the password to decrypt or the key or however you want to send it out.
“One of the things we talk about is moving away from paper documents because you can’t encrypt a paper document so if somebody puts that in the mail and it gets sent to the wrong person they obviously have access to it.
"But if you encrypt your data and that gets sent to the wrong person by accident then at least they don’t have the key to unlock it,” Mr Dine said.
Verizon’s 2016 data breach investigations report, which draws on data from 82 different countries, shows the same vulnerabilities and attack types showing up year after year.
Simple errors such as failing to apply software patches, a shortage of server capacity which can overwhelm internal systems and mistakes by employees continue to account for a large number of cyber incidents. More malicious motivations from those within an organisation also pose a significant risk to firms’ data security.
Typically, attacks of this sort are motivated by money, as indeed the majority of all breaches are.
A quarter of “insider threat” attacks are linked with espionage, however, including the theft of intellectual property.
Insider threats, which typically take longer to identify, also help skew “detection deficit” statistics, which show organisations take weeks or more to discover an incident has occurred, while 93% of attacks take minutes to compromise a system.
“The detection deficit has been there and been similar for years... One of the things that skews it a lot is insider threat where individuals steal your data before they leave a business or steal the data and sell it to bad people.
“That’s a very difficult thing to track and a lot of those take months and years to identify.
"There’s always going to be people who are going to be disgruntled employees who either believe that the data they are stealing belongs to them because they created it, whether it’s a piece of software or whatever idea it is, or there’s always going to be people that try to manipulate your employees to provide that info for financial gain,” Mr Dine said.