Did You Know Employees Are the Biggest Threat to Cybersecurity?
We’ve seen the headlines featuring massive security breaches, state-run hacking attempts, and ransomware plagues spreading across the industry like, well, the plague.
And while the most sensational headlines typically involve infiltrating an ironclad security system or an enormous and well-funded team of insurgents, the truth of how hackers are able to penetrate your system is much more boring: it’s your employees.
In fact, the overwhelming majority of breaches today can be traced back directly to employee negligence, according to Tripwire.
We’ll take a closer look at this insider challenge that cyber security professionals from all over the world are facing, and what you can do to create a more cyber aware workforce.
How Bad Is It?
IT workers have always known that employee negligence was the source of a variety of security issues – from forgotten and misplaced passwords to ignored retention policies and unsecured devices. But how bad has the problem really gotten?
A new report from security firm Netwrix paints a bleak picture of the actual gravity of the situation. Researchers found that IT workers in the government sector overwhelmingly think that employees are actually the biggest threat to cybersecurity. In fact, 100% of respondents said so.
In 2016, over half (57%) of security incidents in government were caused by human error. Beyond that, employees were also the cause of 14% of system downtime in those same situations. What’s more, insider misuse was the source of a security investigation for a whopping 43% of IT professionals.
This problem isn’t confined solely to government entities either. IBM’s 2016 Cyber Security Intelligence Index reported that 60% of all cyber-attacks reported for the year were caused by insiders. True, 75% of these were driven by actual malicious intent and the other quarter was due to negligence alone. But still, the fact of the matter is that employees are the primary cause of cyber-attacks in the modern world.
A Problematic Infrastructure
Part of the problem stems from deep structural problems associated with most IT departments today. A dwindling workforce makes it tough for IT professionals to keep up with actual operations procedures, let alone make time for preventative cyber security measures and compliance.
In fact, 75% of IT employees in government reported that rather than their organization having dedicated cyber security personnel on staff (which is becoming more and more necessary with each passing year), an overworked IT team was left to deal with security and employee compliance.
As a result, 57% reported that they didn’t even have enough time to implement stronger security measures, while 54% cited too small of a budget. The problem, then, is twofold: not only is there not enough manpower to carry out such compliance measures, but there also isn’t enough support from senior executives for the endeavor.
4 Tips for a More Secure Workforce
Employees are undoubtedly one of the biggest problems when it comes to cyber security. And as with any other vulnerability, it will take work to fix it. But don’t worry, change is possible.
Here are 4 tips from TechRepublic to help you create a more cyber aware workforce:
- Win Over The C-Suite: Implementing large scale change requires a significant amount of backing from company executives. Not only do you need the proper funding for such efforts, you also need a corporate ethos that actually believes in the cause. Otherwise, it’ll be just another seminar for your employees to ignore.
- Foster a Cyber-Aware Culture: Early and continual cyber awareness is the key to a well-informed workforce. Begin cyber security training during onboarding, conduct regular evaluations, and designate cyber security advocates in each department. The tighter and more aware your company culture is when it comes to cybercrime, the better you’ll be at preventing it.
- Incentivize: Attach some reward to calling out a security vulnerability. Conduct monthly phishing test runs with a prize for those who identify them. As with anything else, catering to a bit of self-interest can do wonders for engagement.
- Connect Office Security to Home Security: One of the best ways to inspire action is to drive home how an employee’s non-work life can be impacted by data insecurity. The same principles they apply at home will likely carry over into the workplace.
Building a More Secure Workforce
You wouldn’t expect employees to be the primary cause of cyber security breaches, but as the data shows, they have a bigger hand in the matter than most people would like to believe.
As such, companies looking to increase their security against cyber-attacks need to start putting more of an emphasis on a culture of cyber awareness while at the same time equipping their IT departments with the necessary resources and staff.