Experts say that “naive” employees are the biggest threat on a company’s cyber security.
While hackers continue to wreak havoc and breach databases of organizations around the globe, experts say they only part of the problem.
“Naive” employees are one of the greatest threats to a company’s cyber security, according to the Cyber Academy, a cyber security consultant group based in Johannesburg, South Africa.
Rudi Dicks, the director of the Academy told IT News Africa that “A data breach can cost an organisation millions of rand and worse, its reputation.”
“Even with excellent information, security teams and robust technologies in place, the weakest link is often a user within the company that has been manipulated by a malicious attacker who is then able to access the sensitive information that the user is authorized to view,” he added.
Hackers continue to find new and innovative ways to attack databases. Common strategies include, phishing, vishing, spoofing, pharming, whaling and ransomware. The success of these hacking methods depends on human error.
For example, an employee might see a phishing email, which seems to offer something that they want or need. That employee then clicks a link, which downloads an attachment, which could infect their company’s system.
Hackers have also used more in-person methods as well. For example, a smart criminal might be able to manipulate staff members and sneak into a company. If they are able to plug a USB drive into any of the computers, they could steal company data. Or the criminal might already be an actual employee like the scandal that occurred at SunTrust earlier this spring.
Generally, experts estimate that more than 90% of cyber attacks are attributed to human error such as these.
Dicks says that employees not only need to be trained to recognize scams in their inbox, they need to able to identify threats in real life.
“Physical security is a basic but often overlooked form of defense,” he said. “Staff must report all strangers they see in the office that are not clearly marked with a visitor’s access card. Access to the building needs to be rigorously managed. Unknown USBs may not be used and sensitive information should be shredded. Password protection policies must be strictly adhered to – people are still writing their passwords on a piece of paper.”
And with the growth of social media, people are more susceptible to cyber attacks and are potentially putting their companies at risk.
It looks like employee education could be the key to ending possible threats.