It’s no secret to IT Security personnel that an organization’s users must understand that they themselves are major attack vectors to those with malicious intent. It is because of this, they need to not only be well versed in knowledgeable of common internet safety, but be up-to-date with the most recent techniques hackers may employ to trick them into unknowingly handing over sensitive materials or inadvertently providing an open door for outside access. Security Magazine‘s Irfan Shakeel takes us down a rabbit hole on the importance of policy and ensuring staff members are well trained and know what to look out for.
To many professionals, it isn’t surprising to hear that in 2023, Verizon’s Data Breach Report found that humans were responsible for 74% of all incidents. Shakeel goes on to discuss how Social Engineering (techniques aimed at talking a target into revealing specific information or performing a specific action for illegitimate reasons) plays a major roll in how hackers go about gaining access to data, stating:
Over 50% of incidents within the realm of Social Engineering, a significant method of cyberattack, involve Business Email Compromise (BEC) attacks. These deception-based cybercrimes highlight the vulnerabilities in human interaction with technology, reminding us that people are often the weakest link in IT and OT cybersecurity.
– Security Magazine
Along with many well-known examples of data breaches among major corporations, methods to mitigate risk are also discussed, such as fostering a security-first mindset, teaching about phishing, among others. Shakeel then harps back to historical incidents, citing the ILOVEYOU worm as an example, to emphasize the recurrent need to address the human factor in cybersecurity. The overall theme of the blog post is stressing the importance of thorough cybersecurity education for all employees and the need to hold any outside contractors to a high standard.
Leave a Reply