Cyber security is no longer just a technology challenge—it’s a test for everybody who uses and interacts with technology daily. That means: everyone in your organization.
The protection and security of employees’ work and personal lives are no longer separate. They have been intertwined with evolving trends of social networks, the internet of things, and unlimited connectivity. Because of this, cybersecurity is no longer just the responsibility of the company IT department. It is now the responsibility of every employee, not just to protect their work assets but their personal data as well.
Failure to do so puts your organization at risk.
Cyber attackers do not care about age, gender, race, culture, beliefs or nationality. They attack based on opportunity or potential financial gain. They attack irrespective of who the victim is, whether it’s an 8-year-old boy at home playing computer games on dad’s office laptop or an employee sitting in the office reading emails.
So why are so many organizations experiencing cyber breaches?
Cyber breaches occur because of three major factors:
- The Human Factor
- Identities and Credentials
Today people are sharing a lot more information publicly, ultimately exposing themselves to more social engineering and targeted spear phishing attacks. The goal of these attacks is to compromise devices for financial fraud or to steal identities in order to access organizations that employees are entrusted with protecting. Once an attacker has stolen a personal identity they can easily bypass an organization’s traditional security perimeters undetected, and if that identity has access to privileged accounts, the attacker can carry out malicious attacks in the name of that identity.
Employees power up devices daily and connect to the internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, share their thoughts, and access their financial information. As they use these online services they can quickly become a target of cyber criminals and hackers. So, it’s critically important that everyone in your organization learns how cyber criminals target their victims, how to reduce their risk, and how to make it a lot more challenging for attackers to steal their information, identity or money.
When using services like social media people are often inadvertently sharing personally identifiable information—both physical and digital—like their full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and even family members’ names. The more information they make available online the easier it is for a cyber-criminal to successfully use that personal information to target them.
Did you know these facts? Cyber criminals and hackers spend up to 90% of their time performing reconnaissance of their targets before acting, meaning that they typically have a complete blueprint of their target.
With the increase in our digital activities, hackers and cyber-criminals have changed the techniques they use to target people, with email being the number one weapon of choice, followed by infected websites, social media scams, and stealing digital identities and passwords. Reports and statistics in recent years have shown that more than 80% of data breaches have involved an employee as a victim—hackers claim that it is the fastest way to breach a company’s security controls.
This means that people—including your own employees—are on the front line of cyber security attacks. Threats can start from something as simple as a personal social footprint, and end up with individuals being used as a mule to gain access to your organization’s finances and sensitive information.
The time has come to create a balance between technology and people. We must increase our cyber security awareness to help us protect and secure both our personal assets and our company assets. The time for a people-centric cyber security approach is now—which means that cyber security is everyone’s responsibility.
About the author: Joe Carson is a cyber-security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Chief Security Scientist at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).
Source: Infosec Island