Updated: Feb 18
Cybersecurity threats have grown more sophisticated on the back of the ongoing pandemic. Businesses can no longer rely entirely on conventional cyber security strategies, nor can they afford to delegate the responsibility wholly to IT professionals. A collective effort involving business leaders, employees and system professionals is required to build and maintain a strong security position. What is the role of an employee in relation to cybercrimes?
A 2017 Data Breach Investigation Report reveals that 90% of cyber-attacks result from human errors. The most effective entry point and primary prey for threat actors in credential harvesting expeditions are therefore the employees, who are the end users. The current challenge, however, is that cybercriminals use cutting-edge techniques such as AI, machine learning and deepfakes to bypass basic defense systems without being detected. Having gained access through these entry points, it becomes easy for hackers to infiltrate business network systems and exploit sensitive information. Sadly, one such entry is capable of incapacitating a business, especially amidst a crippling post-pandemic economy.
Improper Sharing of Sensitive Information
Recent studies have shed light on human errors amidst the pandemic and the alarming vulnerabilities caused by them. Netwrix 2020 reported threats associated with accidental and improper sharing of data by employees. A whopping 92% of enterprises recognize this as a critical condition.
Another pressing issue by which end users expose sensitive information to cybercriminals is weak passwords. The 2019 Google/Harris Poll study found that 59% of employees use predictable passwords, such as birthdates or the names of a spouse, children or pets, which can be easily gathered through social media platforms and used in brute force attacks. Moreover, reusing passwords across multiple accounts, sharing passwords and saving credentials on sticky notes were among the common end user password errors the study emphasized.
Lack of Immediate Action
To make matters worse, Google reported that only 45% of employees comply with “change password” prompts once notified they have been breached.
Vulnerable to Phishing Attacks
Falling victim to phishing expeditions was reported as another major threat targeting end users. The graph below depicts the average click rate by type of phishing campaign in 2018.
Awareness is the remedy
The Cofense 2019 Annual Phishing Report suggests that a swift response by an employee to a sophisticated phishing expedition helped recover data within 20 minutes.
Therefore, it can be established that cyber security awareness is the key element which shields a company from cyber-attacks. Not only is it the process of educating employees about cybercrimes, but it also entails arming the staff with proactive measures which must be followed in the event of suspicion. A fully equipped employee will be capable of comprehending the magnitude of cyber threats to the business. They will also be competent in maintaining best practices and cyber hygiene while being able to respond quickly when faced with infiltrations in the online workspace.
Raising awareness is already considered vital by more than 50% of organizations. Businesses worldwide are reported to have invested more than $1 billion last year in cyber security training. The percentage of these investments has increased by 13% this year. In addition, business budgets for employee cyber security training have increased from 33% to 67% to date, according to the 2020 Netwrix IT Trends Report: Reshaped Reality.
The novel coronavirus has made CIOs’ jobs more challenging. CIOs have lost their grip on ensuring infrastructure security through corporate network systems due to restrictions imposed on the workforce (statistics state that 85% of CIOs have admitted to lowering their cyber security guard to enable remote working). Since workstations are operated from different locations and different networks, end users are exposed to more risks. It is necessary that CIOs build an integrated cybersecurity architecture. But most importantly, CIOs are entrusted with the responsibility to create a workspace environment built around cyber security awareness. They are the key force behind curbing data and information vulnerabilities.
One way in which cyber security awareness can be achieved is by implementing training programs. Instructing fellow staffers to ensure basic cyber safety measures by using approved software and following password protocols is necessary. In order to combat more sophisticated cyber-attacks, employees must be educated to utilize more advanced strategies such as multifactor authentication and two-step verification. In addition, educating end users about the modern, sophisticated tactics used by cyber criminals in simple, practical terms will help employees identify them and take effective countermeasures.
Laying down data recovery strategies clearly and requiring employees to follow the necessary regulations and standards is also imperative. This not only bridges the gap between actions and plans, but also creates awareness among teams, keeping them aligned and accountable.
Detect and Plan for What You Can’t Prevent
Shielding a company’s cyber space with a scattered employee body goes beyond individual effort. Here at CSG Technologies, we extend services to take this burden off of you. Round-the-clock monitoring and managed IT services will ensure the safety of your company’s cyber space from potential threats. Our services also include the much-needed cyber security awareness training programs. Moreover, our IT professionals who will be deployed for these tasks are equipped with hands-on experience and are well versed in cutting-edge technology. Contact our professionals and put in place a strategy that fits your company’s needs today!