Employees Are Still The Cause Of Most Cyber Breaches

Uploaded on 2018-02-12 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

In the era when cybercrime is growing by an astronomical rate, is your biggest strength jeopardising your company's cybersecurity?
 
The biggest strength for any company is their Human Capital and it is not unsual that most employees will do something at least once that could place their company at cyber risk. 
 
It is commonly seen that when it comes to transferring and storing of data, dealing with user credentials, backup of files, employees prioritise personal convenience over security protocols.
 
There are many ways which may lead employee to make mistakes and can be the cause of a data breach:
 
Insider malice.
Poor Password Practices
Weak Access Policies
Phishing and Social Engineering
Loss of endpoints
Malware
 
 A few common and some uncommon issuess which can be very costly to the organisations are:
 
1.      Email sent to wrong recipients
It has been reported many times in the past that many data breaches were result of information sent by email to the incorrect recipient.
 An employee at an HIV clinic in London accidentally entered the email addresses of patients in the ‘To’ field in place of ‘Bcc’ field and the organisation was fined £180,000 for the breach of privacy of the patients.
 2.      Sending Unnecessary attachments or information over email
 There are multiple incidents reported where more than the required information sent over email by employee had led to data breach:
According to the Winnipeg Free Press, an employee of the city of Calgary, Alberta, accidentally leaked the personally identifiable information (PII) of more than three thousands employees in June 2016,. The extra information was perhaps provided while seeking technical assistance.
 3.      Using Company resources for personal use
Many employees use office laptops and mobile devices for their personal use which may lead to data breach.
 4.      Insecure Downloads 
 Each of employees is in charge of their own endpoints, and what they download could be a cyber threat to your whole organisation. It is seen that employee many times are not able to differentiate a Trojan-laden file or a risky click to the link sent by an email spammer.
 
 Solutions to these problems are simple to identify but complex to implmenet:
 
1.      Cyber Security Training
2.      Cyber Risk Culture
3.      Awareness
4.      Cyber ethics and Cyber Behaviors
 
And so, organisations should prioritise the cybersecurity objectives and should not invest most of their budget on security products alone, otherwise they still might be leaving their house keys in the main-door lock.
 
Ratan Jyoti is Chief Information Security Officer (CISO) at Ujjivan Small Finance Bank:
 
Ratan Jyoti On Twitter:
 
You Might Also Read: 
 
Bank Data Breaches Are Up And It's An Inside Job:

Cyber Security is Now Business Critical (£):

 

 
 
 
« Flight Ticket Fraud Alert
Blockchain To Secure Storage Of Sensitive Data »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Lutech

Lutech

Lutech is an Italian ICT engineering and services company. Business solution areas include cyber security.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Intrusion

Intrusion

Intrusion provides IT professionals with the most robust tool set available for performing in-depth research and analysis of network traffic.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

Guidehouse

Guidehouse

Guidehouse is a leading global provider of consulting services to the public and commercial markets with broad capabilities in management, technology, and risk consulting.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

NXTsoft

NXTsoft

NXTsoft’s solutions help businesses secure, connect and optimize their data to maximize revenue opportunities, enhance profitability, and mitigate cybersecurity risk.

Identity Digital

Identity Digital

Identity Digital simplifies and connects a fragmented online world with domain names and related technologies that allow people and businesses to build, market and own their digital identities.

Darkstrike / Qeros

Darkstrike / Qeros

Complete your defense in-depth strategy with Darkstrike, the world’s most advanced quantum-secure and ransomware-proof data platform for any use case, ensuring unconditional data security.

Orbis Cyber Security

Orbis Cyber Security

Orbis is one of the leading cybersecurity company in USA. Our cybersecurity specialist defends your data, combat threat, and modernize your compliance.

RIoT Secure

RIoT Secure

RIoT Secure AB is a technology enabler within the IoT industry - created with a vision to ensure security technology exists in the foundations of software development for IoT solutions.

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

Sandfly Security

Sandfly Security

Sandfly focuses on Linux security that is high performance, high stability, high compatibility, and low risk.