Last Sunday marked the 11th annual Data Protection Day, an event which, as its name suggests, was created to champion the importance of protecting what has become every business’s most valuable asset: data.
Its message has never been more important or relevant, especially given that last year we witnessed some of the biggest breaches ever recorded.
There were attacks on organisations that will be spoken about for years to come. One, of course, being WannaCry, the worldwide breach that affected more than 300,000 computers and temporarily crippled the UK’s National Health Service. It shone the spotlight on cybercrime, propelling it into national, and international, headlines, while proving that anyone and everyone is a potential target.
Thanks to the publicity that currently surrounds cyber crime, and its devastating consequences, the importance of having a robust security strategy in place has never been more clear. Many organisations believe that the best way to achieve this is simply by layering up with various security solutions, creating a suit of armour to protect against any incoming missiles.
But what if the real threat comes from inside your organisation?
In any environment, you will always find those willing to invest the time and energy needed to sidestep the red tape, clamber over the barriers and get the job done. Financial rewards, revenge, curiosity… whatever the motivation behind it, the efforts of those committing cyber crime have undeniably increased over the years.
There’s simply no getting away from the fact that cyber criminals are becoming smarter. Nowadays all it takes is one innocent click and your entire organisation could be at risk.
The relentless attacks are more targeted than they’ve ever been and, with carefully crafted phishing emails occasionally slipping through the cracks and finding their way into inboxes, your unsuspecting employees often become your last line of defence.
Not an encouraging thought when, last year, the government’s annual Cyber Security Breaches Survey revealed that all four of the most common types of breach can be linked to human factors. Errors made by employees, such as unwittingly clicking on a malicious link in a fraudulent email (which accounted for a massive 72% of breaches!) or succumbing to impersonation via email or online, have become the biggest threat to any organisation.
So what can be done?
It’s clear that, in order to survive the never-ending barrage of digital threats, change is needed.
The government’s breaches survey outlined ‘ten steps’ for businesses to follow in order to take action against cyber crime. One of the top line recommendations was to undertake some form of user education and training. Sounds sensible, right? If your employees are your last line of defence, surely you should be arming them with every bit of knowledge that you can.
And yet, the survey indicated that only 30 per cent of businesses were currently taking action in this area…
That leaves 70 per cent of businesses that are unnecessarily putting themselves at risk.
Awareness throughout all levels of business is key. Cyber threats no longer solely affect IT departments, so all employees need to be educated. Put the processes and training programmes in place which will encourage your staff to be more vigilant and train them to mitigate security risks.
Remember, a cyber security chain is only as strong as its weakest link.
Having said that, no matter how much time and money you invest in training your workforce and enabling them to recognise the symptoms, the evolving and unpredictable nature of cybercrime will mean that it’s difficult to keep up.
For too long, the cyber security market has been focused solely on historical types and vectors of attack, with little to no attention being given to real-time tracking and visibility. But your cyber security strategy needs to be just as progressive as, and even more advanced than, the threats it is protecting against.
In order to further strengthen the human element within your security strategy, you need to understand your employees and their behaviours.
By knowing where users log on, when they work remotely and how often they use their own devices for work purposes, you can add another layer to your digital defence. A contextual, 360-degree view of all user activity will enable you to rapidly highlight any anomalies and immediately pick up an analytical audit trail to identify whether they pose a threat to your business. It gives you the gift of time.
When it comes to cyber security, knowledge is power. By combining an effective employee education program with a real-time analytics solution, you can arm yourself in the fight against cybercrime and make sure that humans are no longer the weakest link in your security chain.
Richard Walters is chief security strategist at CensorNet.