Human error, the leading cause of cybersecurity breaches — study
LACK of skills among employees is a critical barrier holding enterprises back from implementing threat management more effectively, a new study on cybersecurity showed.
Based on the 2018 Cyberthreat Defense Report, a joint study by the CyberEdge Group and cybersecurity services firm Imperva Incapsula, the lack of skilled personnel and low security awareness among workers are the top two barriers that inhibit companies from adequately defending themselves from cyber- attacks.
“Threats are constantly evolving and the chances of being attacked are increasing significantly as enterprises everywhere integrate new web- facing technology into their day-to-day systems,” Niño Valmonte, director for marketing & digital innovation of IP Converge Data Services, Inc. (IPC), Imperva Incapsula’s cybersecurity services partner, said in a statement.
“New types of attack methods are always emerging, and a single employee oversight can make or break a company. This study reveals how it is imperative to keep pace with the threat landscape as it evolves and continue educating ourselves on the latest attack methods,” he added.
HUMAN ERROR AS TOP RISK
When asked on what type of attack companies are most concerned with, the respondents’ answers revealed that the top three are Malware, Ransomware, and Phishing — threats that commonly enter a computer through the negligent actions of the user.
These three attacks often spread through spam e- mails that contain malicious attachments. Opening the e- mail will end up installing the threat into a computer. What’s more devastating about this is that once installed, most of them are programmed to automatically send themselves to the mailing list of an infected computer, thereby spreading itself further. Other common sources of the top three cyber threats are malicious files hidden inside downloaded files and software, and through a method called driveby downloading, which occurs when malicious programs are automatically downloaded by visiting an infected website.
“Cybercriminals often use trickery to get people to unknowingly download malicious files. This can be an e-mail with a file attached that tells you it is a receipt for a delivery, a new tool for a web browser, or even a bogus antivirus program that has malware hidden inside. These are just a few examples of how attackers can infiltrate a network that every company and its employees must know about,” Mr. Valmonte said.
In order to avoid these threats, IPC recommends that businesses conduct constant training in order to instill the right skills, awareness, and the “cybersecurity culture” required in workers to fight against new and evolving threats.
• Practices in keeping a computer clean, including sensibly limiting the programs, apps, and data that can be downloaded and installed, and speaking up whenever a computer exhibits strange behavior;
• Using long, strong passwords that has the combination of uppercase letters, lowercase letters, symbols, numbers, and changing them routinely;
• Recognizing and deleting email messages with suspicious subject lines and links;
• Constant and consistent backup of files and/or applications;
“By starting with these steps, a company can already drastically reduce the installation of malicious programs within their network,” said Mr. Valmonte.
The study was conducted in organizations with more than 500 employees worldwide.