Humans are the weakest link in the information security chain

Here, the chain is the security of your organization, and its cyber defense depends largely on the weakest link. You already know the weakest link of an organization’s security. In the People-Process-Technology triad, the weakest link is the people of an organization. According to a report, 78% of security professionals think the biggest threat to endpoint security is employees’ negligence of security practices. It also says that the average organization experiences 9.3 insider threats per month.

We’re all human; we make mistakes. But plenty of people are trying to take advantage of a single silly mistake, which can cost your business tremendous financial loss. Advanced technology and security practices, no matter how sophisticated, will always be constrained by this human factor.

Organizations often forget the menacing danger that insider threats can pose.

Why do perpetrators target employees?

· To steal intellectual property, such as source code, contractual information, employee details, client details and other confidential data.

· To demand ransom by encrypting data and files.

· Corporate espionage or blackmail.

· To malign the public image of the firm.

· To disrupt a service, thereby causing substantial damage on a large scale.

Malicious attackers generally use social engineering to target various verticals such as healthcare, consumer internet, telecom, cloud services and e-commerce. The BFSI and healthcare industries are major targets of hackers who capitalize on the negligence of employees.

Social engineering is the act of exploiting human behavior to fulfill malicious intent. In fact, around 60 percent of businesses fell victim to a social engineering attack in 2016.

How to reduce the vulnerabilities

• Provide in-depth training to your employees to ensure awareness of different attack vectors.

• Conduct regular People Risk Assessments of employees, which can reduce cyber risk considerably.

• Use incentive mechanisms to encourage employees to pay attention to security.

• Periodic Vulnerability Assessment and Penetration Testing (VAPT) reduces the threat posture of your organization.

Enterprises that don’t give priority to proactive security awareness or risk assessment are doomed to spend a hefty amount on mitigating PR nightmares from scandalous data breaches.

According to Russ Verbofsky, CIO & CISO at the New Mexico Department of Game and Fish, “You can pay me today or tomorrow. But tomorrow includes a press release describing how we weren’t proactive in protecting our data and systems.”
