Data breaches now cost an average of $3.92 million, according to a recent study by IBM and Ponemon. In view of the high risk, companies should strengthen their technical measures, but above all also involve their employees.
The smart devices of modern offices and the Internet of Things (IoT) offer hackers a wider range of attack vectors to infiltrate networks. For organizations looking to optimize their protection against cybercrime, the best approach appears to be a combination of measures that address both technology and people. A seamless defense against attacks cannot be created until it involves technologies such as artificial intelligence (AI) and machine learning (ML) as well as human firewalls.
The numbers problem
Attacks on devices used for both business and personal purposes are particularly effective.
The number of devices connected to the Internet (smartphones, laptops, tablets, speakers, TVs, etc.) is increasing day by day. According to Gartner, there will be more than 20 billion such devices worldwide by the end of this year. Personal devices such as laptops, tablets and smartphones are often used in both personal and work contexts due to portability and connectivity. Smartphones, in particular, are often used for both purposes, for example, checking business email on personal smartphones, using messaging apps on the business phone, or doing any activity on a phone that was intended to serve both purposes in the first place. This mixing complicates security and increases the risk of human error.
Train spawn is the leading cause of more than 90 percent of security breaches Phishing attacks are particularly effective in a multi-purpose device environment, as one employee can compromise the entire office network by attacking his or her personal device. The attacks are very popular with cybercriminals because they target people’s emotions, which lead to hasty reactions. For example, if someone receives a tax refund message with a high degree of urgency and he/she is not adequately educated about cyberattacks, or not educated at all, the risk of confidential data falling into the wrong hands is high.
Recent regulations such as the European General Data Protection Regulation highlight the importance of vigilance and data protection. Although regular media coverage aims to make people aware of such scams, they regularly fall victim to these attacks. It is clear that more needs to be done. Yet, despite evidence that it is the creation of a human firewall of educated employees* that can make the difference between a secure workforce and a vulnerable one, training is not a top priority for many organizations.
Build the defense
Employee training should be a key part of cybersecurity training protocol and should include the entire workforce, from entry level to management. At this point, however, we should warn against superficial and one-off measures. A company-wide seminar or webinar that anyone can listen to can supposedly save time and effort, but its impact fizzles out very quickly. It’s much more effective to teach cybersecurity with hands-on lessons and humor, as the content is often very technical and difficult to internalize.
For better security, a communication channel should be established between the IT department and the users.
A common method is for the company’s IT department to send a simulated phishing email to all employees. This email should be structured in the typical manner for these scams. Using the simulated email, IT can track who opens the email and how widely it is distributed in business processes.
You should then send an email to the entire organization, stating that the email is a test. At the same time, give an overview of the results in percentages, for example, that 5 percent of management entered their personal data. Those that fail the test should receive more detailed feedback from the IT department. To ensure that employees are aware of all potential warning signs, these tests should be performed at regular intervals. In this way, you establish a communication channel between users and IT so that employees can quickly and proactively respond to fraud attempts and notify IT immediately.
Comprehensive technology
The human firewall is a very effective defense, but even the most sophisticated and highly trained organization could not protect an entire network without the help of technology. That is why human efforts and technology should be combined. Finally, the advancement of technology is not only the biggest trigger for security issues, it also equally provides the necessary solutions. Recognize in this context
Technological advances cause most new cyber threats – and also provide most solutions. But not for all.
Using simulated phishing emails, IT departments can track employee* responses to the fraudulent email. However, if machine learning and AI algorithms are also used, the patterns of associated network traffic can be analyzed, content from multiple emails can be examined, and this data can be compared to a continuously maintained repository of malicious content in near real-time. This speeds up the detection of a threat and the initiation of protective measures many times over. This is not the kind of speed that people can do on their own.
Conclusion
No organization is safe from cyberattacks. Cybercriminals are not choosy and will try to exploit any security vulnerability. Organizations cannot be complacent and should prioritize both technical tools and human firewalls in their budgets and training protocols. Technology is quickly adapted and updated. Companies that are able to track these developments and fully train their employees have the greatest chance of defending themselves against cyberattacks and preventing bad press, loss of trust and large fines.