Today, cyberattacks are an inevitable fact, rather than a mere possibility. Almost daily, news comes of another organization seeing its systems taken offline or its data stolen as a result of a cyber intrusion. The nature of modern businesses means that cybersecurity breaches represent a very real threat to their survival, and something that every employee in an organization has a role to play in preventing.
Thales' 2024 Data Threat Report revealed that human factors remain a leading cause of cloud data breaches. Of the IT professionals surveyed, 22% said human error was the most concerning threat. Additionally, 74% considered threats from human error as a key priority. Over the past three years, human error has ranked first or second as the leading source of cyberattacks for businesses.
With so many cyberattacks coming down to simple human error (and with cybercriminals often taking advantage of the human propensity to make mistakes), how can businesses mitigate these people-related risks and protect their IT infrastructure?
Technical Associate Vice President of EMEA Data Security Products at Thales.
Remote work is an additional first line of cybersecurity
Many cyberattacks can start innocuously enough. Phishing emails are a common starting point, tricking an unsuspecting employee who might have let their guard down into clicking on a malicious link or sharing compromising information, such as passwords.
Passwords have long faced challenges from a security perspective: imposing a burden on users and relying heavily on human memory means the risk of people reusing the same memorable passwords across multiple accounts is high. While conventional advice recommends issuing long, complex passwords for professional use, the reality is that this doesn't happen enough.
Remote work has given many employees welcome flexibility in how they do their jobs, but it also comes with additional cybersecurity risks. Employees are less likely to speak up and express concerns in a remote setting and, in the familiar surroundings of their home with their guard down, may be more likely to fall victim to a phishing scam. Flexible and hybrid work arrangements are the norm in many industries, but with so much variation in the types of networks employees use to access sensitive documents and data, the likelihood of exposing company data on insecure networks increases.
The impact of data breaches
Whether operationally or financially, the consequences of a successful data breach can be devastating. Businesses can be completely crippled, not to mention additional losses through ransom payments and fines resulting from the breach.
There are also long-term impacts on reputation and customer loyalty, and the brand damage resulting from a successful breach often lasts a long time. Customers, suppliers and partners can also see their stories covered in the media, multiplying the impact.
From awareness to prevention
Reducing the cyber impact of people-related risks is as much a cultural and behavioral change as it is a technological one. Business leaders must be proactive in making employees understand the role they can (and should) play in protecting both themselves and the organization they work for.
At the same time, any policy that is established must also take into account how people in the organization actually work. If the rules are too strict, employees will look for unsafe shortcuts to avoid them. Whether it's the use of personal devices, email accounts, or unauthorized memory storage devices, what the company has as a policy and what employees end up doing can be very different, and that poses a huge risk.
The human element must be at the forefront of any cybersecurity plan. Employees should be consulted about their preferences when designing protocols, to ensure there is full accessibility and understanding across all job roles and departments within the organization.
Finally, companies can also move forward by auditing and changing the way they authenticate their systems and data. By moving from passwords to biometrics or other more robust, easier-to-use systems such as passcodes, companies can stop relying on the human memory of their workforce and the associated risks.
In a world of evolving threats, no company can realistically consider itself “done” with cybersecurity. But by considering the above, leaders will be on their way to mitigating one of the most common ways organizations are breached and empowering their employees in the process.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.