The Human Factor – A Weak Link In Cybersecurity
Technologies simplify the day-to-day and improve the efficiency of organizations. But as they progress, they pose security challenges, primarily because of the human factor, by all accounts. A recent report from Verizon confirms it again; 85% of cybersecurity breaches are caused by human error. The main result of these critical business data vulnerabilities amounts to billion-dollar losses worldwide, which, according to recent estimates, could exceed 10 trillion dollars in 2025. As a result of ransomware alone, the impact for entities could exceed 265,000 million dollars, according to the same source. These are all alarming numbers, and the human factor could make a difference in reducing these numbers, as shown by forensic studies.
Cyber resilience technologies face attacks like the one recently suffered by a giant like Uber, which even those responsible have not even been able to quantify economically and operationally. According to the attacker himself, he accessed the Uber system by deceiving one of his employees with social engineering techniques and contacting him through a simple WhatsApp. He posed as a worker from the Information Technology area and obtained the credentials to access the company’s internal network via VPN.
But, this is not the first leak suffered by Uber as a result of a cyber-attack.
How To Mitigate Security Breaches
This new teleworking scenario has added new variables to the cybersecurity equation, a procedure where human value is of great importance once again. For this reason, the company recommends a series of measures to mitigate the gaps caused by teleworking:
- Establish clear guidelines for the use of personal devices. One of these policies should be to keep the equipment updated regarding security patches.
- Implementation of technological solutions that protect essential services and daily use, such as web services, mail and antivirus protection
- Clear policies for remote work. A defined “remote work” or “telecommuting” policy is essential if the company allows staff to work from locations outside the office.
- Training and best practices. Having a policy and supporting it with the right tools is essential, but educating and training employees on best practices will help explain and describe why they need to follow the policy and use the tools.
Training personnel in cybersecurity issues is critical since it helps workers to remain alert daily, knowing how to identify a threat, what they have to do and how to act in these scenarios. Another important aspect of this training should focus on social engineering attacks, which comprise around 98% of all cyber attacks.