Employees are the new culprits when it comes to cyber security attacks in organisations
A new employee walks into his first day at work, proud that he is working for a well-known organisation. He has already been connected to his new company’s main systems, and as he waits for his mentor to show him his new role, he connects to the company’s internet system and proudly updates his new employee status on a social media platform. He inputs all the information from the organisation’s name to his job function, and alerts others of his new status whilst also accepting invitations to connect. So far so good, and this new employee does not appear to have done anything out of the ordinary.
A few days later, the company’s IT department is in complete disarray as they discover that their main system which drives their entire network has been interfered with, and the cost to this system is enough to bring down the entire organisation and threaten to put the company out of business. So what went wrong?
This scenario occurs all too often, and it is a growing problem which has largely gone unaddressed by over 50 percent of companies – and that is the human element which accounts for a significant proportion of cyber security breaches. The truth is that human error and the lack of understanding of the links between our behaviour around our in-house systems, our personal devices such as cell (mobile) phones or laptops and the criminals operating in the underworld have become the main contributor to security breaches worldwide.
As the world becomes more interconnected, criminals find it all too easy to take advantage of their ability to hack into organisations’ networks left open by employees who unknowingly leave details on display. The time has come for CEOs, CFOs and senior managers to begin the process of raising awareness for their employees about the human interaction in and out of the workplace which has so far been poorly or not at all addressed.
A research white paper by OIER Economics has established a number of typical security breaches which have been known to cause the collapse of organisations, putting them out of business. The white paper, which comes in the form of an e-awareness booklet report, shows what these typical scenarios are, and how companies can implement simple steps at no cost to eradicate them. Sadly, many CEOs, CFOs and senior staff are still unaware of what a typical scenario is, and more than 50 percent of organisations have no formal training on this issue. The fact is that cyber security protection has overall been effective in combating cyber crime, so criminals are now targeting the employee and their lack of awareness around systems and their personal devices.
So, do we know the link between the employee’s cell phone and phishing/hacking, five minutes after starting a new job? How would a criminal link the two? How does social media, such a common form of communication, link to criminal activity from the outside world? What about the mobile devices such as laptops we use so innocently, and how can criminals connect our use of these devices to their criminal activities?
The OIER conducted extensive research of 2000 companies with some interesting results. The research showed that, when asked, only a small percentage of people believed that the misuse of social media can result in security breaches. As a result, the OIER has put together a full list in an extensive e-awareness booklet detailing every type of breach where employees are the culprits – and many of these would not appear in the forefront of an employee’s mind if asked about their understanding on this subject, the research suggests.
The OIER’s compelling paper is entitled: ‘Criminals at Work: The human aspect to cyber security and the need for controls around people’. This document is an invaluable awareness document, and the research within it contains incredible admissions into the behaviour of senior executives and other employees around devices and in-house systems which put their businesses at risk. The document includes an interactive training manual. The cost to replace an entire network can be enough to bring down a business, but it is free to raise awareness in-house. Humans are the final layer of security as opposed to complex and expensive technology.
The full e-awareness booklet report can be downloaded here.