When it comes to human nature, many believe “people will be people.” That’s all well and good, but when it concerns running a business with smart cybersecurity, human nature is still the biggest problem. For a business of any size to be cyber-resilient, a lot of bases need covering. It takes an ongoing commitment to innovative security technology, but many still overlook their most vulnerable asset – employees. For all the investments in cybersecurity a business makes, just one employee misstep can destroy even the best-laid plans.

Security experts have known for many years that staffers present a huge roadblock to cyber-resilience. It’s no secret that 60% of small-to-midsize companies are out of business within six months of a security breach. Disgruntled and ex-employees bent on doing harm are always a security concern. Stealing sensitive data and injecting malware into systems are real risks for an employer who is unaware there may be a staffer bent on revenge. All things considered, employees (many using poor cybersecurity practices at home) pose the biggest threat of all.

Employee weakness is a multi-layered issue of concern. Companies with a BYOD (Bring Your Own Device) policy are truly playing with fire. They may be saving money by not buying devices, but the policy opens the door for hackers to inject ransomware and other malware into a data system. Whether it’s a BYOD disaster waiting to happen or simply a staffer reusing passwords on a company device, overlooking the importance of employee cyber education can be fatal for a company. The future success of an organization may very well depend on a cyber-savvy staff.

According to the latest IBM X-Force Threat Intelligence Index, “Some of the most common scenarios included basic misjudgment. These include employees storing intellectual property on their own insecure personal devices and end systems and employees and insiders falling for phishing emails that resulted in account takeover or access to sensitive data.” It’s estimated that recent ransomware attacks alone cost companies over $8 billion globally.

The massive Equifax breach, which exposed Social Security Numbers, financial account data, and other sensitive information of approximately 145.5 million customers, happened because of a failure to apply a simple security patch. The undisputed culprit? Human error.

Another report by IBM, the Cyber Security Intelligence Index, finds 60% of all cyberattacks reported were caused by insiders, through both malicious acts and unintentional employee error. No matter how it’s divided, employees are still the biggest cause of cyberattacks in modern cyber history.

Continued cyber-vigilance by any organization is necessary to survive malicious attacks and, well, to survive in general. The importance of continuing employee education that keeps staff up-to-date about the latest hacking trends and how to avoid them can never be overstated. Even cutting-edge security systems can be undermined by an employee clicking on a phishing email or a malware-laced attachment. The ideal scenario is a combination of bolstered security systems and cyber-savvy employees. It’s an investment that’s well worth it, especially when a business considers the alternative.