Human error has been highlighted as a major contributing element to cybersecurity vulnerabilities for years. It is a long-standing concern in cybersecurity breaches, thus requiring all enterprises to remain watchful and train their personnel on how to alleviate this risk.
According to The Verizon Business 2021 Data Breach Investigations Report, 85 percent of breaches involved a human element, while over 80 percent of breaches were discovered by external parties. With an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of misrepresentation increasing by 15 times compared to the year 2020. Additionally, breach data showed that 61 percent of breaches involved credential data (95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year).
As further noted by Tami Erwin, CEO of Verizon Business, the COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing. As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.
Employees and users’ unintended acts – or lack of action – that originate or propagate a security breach cover a wide variety of behaviours, from downloading a malware-infected attachment to failing to use a strong password.
End-users often make mistakes because they don’t know what the appropriate course of action is in the first place. Users who are unaware of the risk of phishing are significantly more likely to fall prey to phishing efforts, and those who are unaware of the risks of public Wi-Fi networks will have their credentials harvested rapidly. Businesses must recognize that compromised credentials linked to privileged accounts are frequently the initial step in a ransomware attack.
“Threat actors are chasing larger paydays and finding new vulnerabilities in a wide variety of targets, while many organisations are struggling to bring their cybersecurity up to standard for hybrid work,” said John Donovan, managing director ANZ, Sophos.
How should businesses address this challenge?
To reduce the possibilities for such errors, organizations need to understand why human errors occur and educate users on the consequences of their mistakes. Below are the measures we recommend.
- Businesses must adjust their cybersecurity mindset and embrace a new paradigm that assumes they will be hacked. As a result, it’s critical that leaders invest in the right end-point technology for a firm cybersecurity posture, as well as focus on resilience and recovery.
- Staff cybersecurity education must be prioritised by businesses in order to foster a cyber-aware culture. Educating and training staff on what security actions should be implemented before and during an attack is critical to lowering the number and severity of future security breaches. This entails ensuring that staff have secure online habits and practices in addition to the technology that has been introduced to successfully prevent cybercrime.
- While the specifics of how the systems and software in most reported breaches go unknown, the common means for attackers to get access include exploiting security vulnerabilities in code and security misconfiguration, both of which can be prevented by security-aware developers. Organisations must offer thorough training in secure code development and have every developer take responsibility for security.
- Threat actors have turned to social engineering, usually using email and compromised credentials, to gain access as perimeter defences have become more robust. The concepts of least privilege and segmentation are very effective in limiting the effects of a breach.
- Businesses must understand that compromised credentials are frequently the initial step in a ransomware attack. They should invest in multi-factor authentication, as well as password management systems that assist identify, manage, audit, monitor, and safeguard the credentials of privileged accounts.
- To help thwart malicious cyber incidents and reduce their impact, businesses should adopt next-generation data management capabilities that enable them to use immutable backup snapshots, encrypt data in transit and at rest, enable multi-factor authentication, detect potential anomalies using AI/ML, implement zero trust principles, and reduce their overall data footprint caused by mass data fragmentation.