According to a recent report by Microsoft, the number of internet users will double to about four billion by the year 2020. Likewise, organizations are becoming increasingly dependent on technology, and with this trend comes a large number of cyber-security threats.
When I say “threats”, I don’t just mean the archetypal basement bandits that we tend to associate with cyber-crime, but also our own employees. Whether it be Jack from HR or Jill from accounts, employees are still the weakest link when it comes to cyber security. They behave unpredictably, and many are simply not aware of the dangers that exist.
Why People Are Still the Problem
Despite warnings, employees are still opening email attachments from untrusted sources, adopting poor password practices, sending sensitive data to the wrong recipient and generally failing to safeguard the devices and data they have access to. Employees either fail to listen to the warnings, or simply ignore them, and some resent being told what to do. Even if they do pay attention to the warnings, it only takes a brief moment of weakness for a security incident to unfold. To make matters worse, cyber-attacks are becoming increasingly targeted.
These days, using social media applications such as LinkedIn and Facebook, it is trivial for hackers to compile information about specific employees, including information about their colleagues. They can use this information to either emulate a colleague in an attempt to extract further information, or they can sell the information on the dark web to other criminals looking to do the same. Some people actually make a living from scraping personal data and selling it in this way.
Is it All Your Employees’ Fault?
Of course, employees aren’t the only ones to blame, as the companies themselves don’t always help matters. They’re often more focused on improving sales, cutting costs and meeting deadlines than on improving their cyber-security posture. A lot of managers still perceive cyber-security as a nuisance. Many organizations are failing to audit their sensitive data, failing to enforce a strong password policy, and many still don’t have an incident response plan in place. Additionally, a lot of organizations fail to take cyber-security into account during the on-boarding process. Educating employees is another area that needs a lot of work. However, as mentioned before, employees are not always receptive to such training, as it is often seen as a burden that gets in the way of their day-to-day tasks.
Developing a security culture where employees adhere to security best practices without thinking takes time, effort and resources. Simply mandating that employees adhere to company policies is not the most effective approach. Instead, the IT department should try to reason with staff members to ensure that they are willing to engage. The IT department may also need training to improve their people skills. In addition to developing a culture of cyber security, organizations will need to ensure that they have the right technologies in place to be able to identify insider threats.
A Solution That Could Help
While it is true that technology alone is not enough to keep our data secure, it can still be very useful. Not only that, but given the worryingly short supply of cyber-security professionals relative to demand, having an arsenal of security technologies is often the most viable option. Most reasonably tech-savvy people understand firewalls and anti-virus solutions, which are capable of blocking most simple attack vectors. However, relatively few people know about more advanced solutions such as DCAP (Data-Centric Audit & Protection), which have become increasingly sophisticated and affordable in recent years.
DCAP solutions enable real-time monitoring of changes to privileged accounts and the sensitive data they have access to. They can be used to detect suspicious file/folder activity, manage inactive user accounts, automate the process of rotating passwords, and a lot more. Additionally, some of the more advanced solutions provide “threshold alerting”, which can help to detect events that match a pre-defined threshold condition, such as multiple failed login attempts or bulk file encryption.
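The threshold alerting described above can be sketched as a sliding-window counter per user and event type. This is an added example, not code from any DCAP product; the event names, thresholds and sample events are assumptions, and a burst of file modifications stands in for bulk file encryption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical rules: event type -> (events needed to alert, window length).
RULES = {
    "login_failed": (5, timedelta(minutes=1)),
    "file_modified": (100, timedelta(seconds=30)),  # proxy for bulk encryption
}

def threshold_alerts(events, rules=RULES):
    """Return one alert per burst that reaches its rule's threshold.

    events: iterable of (iso_timestamp, user, event_type), sorted by time.
    """
    windows = defaultdict(deque)  # (user, type) -> timestamps still in window
    alerting = set()              # keys already alerted for the current burst
    alerts = []
    for ts, user, etype in events:
        if etype not in rules:
            continue
        limit, span = rules[etype]
        now = datetime.fromisoformat(ts)
        key, win = (user, etype), windows[(user, etype)]
        win.append(now)
        while now - win[0] > span:   # drop events that aged out of the window
            win.popleft()
        if len(win) < limit:
            alerting.discard(key)    # burst over: allow a future alert
        elif key not in alerting:    # alert once per burst, not per event
            alerting.add(key)
            alerts.append({"user": user, "event": etype,
                           "count": len(win), "at": ts})
    return alerts

def sample_events():
    """Constructed sample data: one login burst, one slow trickle, one file burst."""
    base = datetime(2024, 1, 8, 9, 0, 0)
    rows = [(base + timedelta(seconds=10 * i), "jill", "login_failed") for i in range(5)]
    rows += [(base + timedelta(minutes=2 * i), "jack", "login_failed") for i in range(5)]
    rows += [(base + timedelta(minutes=5, milliseconds=100 * i), "svc_backup",
              "file_modified") for i in range(120)]
    return [(t.isoformat(), u, e) for t, u, e in sorted(rows)]

if __name__ == "__main__":
    for alert in threshold_alerts(sample_events()):
        print(alert)
```

The five failed logins spread over eight minutes never alert, which is the point of tying the count to a time window rather than a running total.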