Humans are the weakest link in the information security chain
Here, the chain is the security of your organization, and its cyber defense depends largely on its weakest link. You already know the weakest link of an organization’s security. In the People-Process-Technology triad, the weakest link is the People of an organization. According to a report, 78% of security professionals think the biggest threat to endpoint security is employee negligence of security practices. It also says that the average organization experiences 9.3 insider threats per month.
We’re all human; we make mistakes. But there are plenty of people trying to take advantage of a single silly mistake, which can cost your business a tremendous financial loss. Advanced technology and security practices, no matter how sophisticated, will always be constrained by this human factor.
Organizations frequently forget the danger that insider threats pose.
Why do perpetrators target employees?
· For IP theft, such as theft of source code, contractual information, employee details, client details and other confidential data
· To demand ransom by encrypting the data and files.
· Corporate espionage or blackmail
· To malign the public image of the firm
· To disrupt a service, thereby causing substantial damage on a large scale.
Malicious attackers generally use social engineering to target various verticals such as healthcare, consumer internet, telecom, cloud services and e-commerce. The BFSI and healthcare industries are major targets for hackers looking to capitalize on the negligence of employees.
Social engineering is the act of exploiting human behavior to fulfill malicious intent. In fact, around 60 percent of businesses fell victim to a social engineering attack in 2016.
How to reduce the vulnerabilities
• Provide in-depth training to your employees so that they are aware of the different attack vectors.
• Regular People Risk Assessment of employees can reduce cyber risk considerably.
• Use incentive mechanisms to encourage employees to pay attention to security.
• Periodic Vulnerability Assessment and Penetration Testing (VAPT) reduces the threat posture of your organization.
Enterprises that don’t give priority to proactive security awareness or risk assessment are doomed to spend hefty amounts on mitigating PR nightmares from scandalous data breaches.
According to Russ Verbofsky, CIO & CISO at the New Mexico Department of Game and Fish, “You can pay me today or tomorrow. But tomorrow includes a press release describing how we weren’t proactive in protecting our data and systems.”