Are your staff the biggest cyber threat ?
Technology continues to drive the pace of change and anyone in business is constantly exhorted to “get more connected” – AI, robotics, Industry 4.0 to name a few examples.
To state the obvious – if we increase our reliance on data systems without a corresponding (or greater) investment in protecting that infrastructure we become desperately vulnerable to anyone with even basic IT skills. Moreover, the advent of GDPR has added a legal implication to an already onerous financial one.
Verizon – one of the world’s largest communication companies – have recently published their 2018 Data Breach investigations Report. It makes scary reading:
- 73% of attacks were by outsiders – usually organised criminals. Which means that the rest somehow involved staff.
- Only 3% of breaches were discovered immediately. 68% of breaches weren’t discovered for months.
- Web apps were the biggest culprit.
- 4% of staff will click on a phishing campaign. Verizon’s report states ‘incredibly, the more phishing emails someone has clicked, the more likely they are to do so again.’
- 31% of cyber attacks in professional service companies involved staff but in healthcare this figure rose to a massive 56%. To be fair, staff are often unwitting participants rather than collaborators.
- Most attacks are speculative but in the manufacturing sector 86% are targeted, mainly to steal IP or R&D data.
Imagine a building with heavily protected doors and windows but once inside anyone can roam unhindered and unchallenged. Many IT networks are similar, with robust external firewalls etc but few internal controls. Verizon’s report suggests that – sooner or later – some imprudent or unlucky staff member will allow a malicious outsider access to your network. Let’s hope not, but if this happens what measures does your network have to limit how far they can roam ?
Following some serious cyber attacks in 2009 many large corporations have adopted a “Beyond Corp” approach, assuming all attempts to join a network are hostile. Some of the security checks are very subtle – detecting which hand you hold your phone in, for example. Read more about it here.