With every advancement made in technology, new vulnerabilities are born.
The business world is witnessing an escalation of cyber security threats like never before. A poll recently conducted by security firm Balabit questioned IT and security professionals from across Europe and the US, and found that 79% of companies in 2017 were hit with a security breach.
A large majority of businesses admitted in the survey that they knew next to nothing about the nature of the security breaches that were plaguing their systems. 52% revealed they were not confident in knowing whether a breach took place or not, meaning an alarming number of security breaches may have gone undetected.
Only 39% of the companies polled were absolutely certain they could identify the source of the breach. This raises the question: where are these invisible threats coming from?
Half of all security breaches are employee-related. In 2017, it was revealed that insider threats cost UK businesses an average of £144,501, according to the Ponemon Institute’s findings. These losses can be attributed to information loss and business disruption, and with the upcoming GDPR compliance deadline, these losses are set to increase dramatically.
Insider threats can be sinister or completely accidental in nature; there is always a difference. As Hanlon’s razor states: “Never attribute to malice that which is adequately explained by stupidity.”
Whilst upset and hostile staff can make up a number of insider threats, most fall into the realm of human error. It might surprise you to know that the biggest problem can come from employees leaving laptops and mobile devices unattended in vulnerable public places.
Many employees are still being exploited by outside forces that manipulate them into carrying out acts harmful to a business (AKA social engineering). Phishing scams, ransomware and denial-of-service attacks are just a few of the threats that robust security measures can prevent, but that can easily get past your employees. On a day-to-day security basis, your greatest Achilles’ heel will be your staff.
Cyber-crime prevention shouldn’t be entirely localised to your IT department. Instead, it should be incorporated into all aspects of your business. Most experts agree that educating all your employees in the ways of cyber security is vital in securing your network. Coupled with up-to-date technology, a comprehensive training plan for your entire staff might just save your business from catastrophe.
The impact cyber crimes have on businesses cannot be overstated, especially with regard to their size. According to the U.S. National Cyber Security Alliance, 60% of small businesses fold six months after suffering a cyber attack. With this in mind, SMEs really need to reconsider the dependability of their security strategy.
By simply making your employees aware of the risks and consequences of potential breaches, you’ll prevent many more in the future. Due to the ever-evolving nature of technology, it would also be wise to hold organisation-wide cyber security briefings frequently throughout the year to ensure everyone is comfortable with executing the latest security protocols.