- Security TWENTY
- Women in Security
In cyber security, you’re only as strong as your weakest link, writes Dr Darren Williams, founder and CEO of the data privacy and cyber security product company BlackFog.
For years, businesses have been aware of the dangers that unsuspecting employees can pose on the security of the entire organisation. For example, global tech giant Snap suffered an embarrassing breach in 2016, when an employee in the HR department emailed confidential company data to an individual purporting to be the CEO, Evan Spiegel. When young, tech-savvy companies like this can easily fall victim to these types of scams, what can others do to ensure the same thing does not happen to them?
While no organisation can prevent cyber threats entirely – or make the investment to turn every employee into a security guru – they can protect themselves from the main forms of employee-based attacks by blocking malicious phishing emails, weblinks and online ads. This preventative approach helps to significantly reduce the daily threats coming into an organisation, ensuring that sensitive data stays exactly where it needs to be. At a time where it’s not just the CEO that can be held accountable for letting attackers into the network, with a historic case being brought against an employee in Scotland who is being personally sued for sharing £200,000 of her firm’s money to an online attacker / fraudster, it is more important than ever for businesses and their employees to protect themselves against increasingly sophisticated cyber attackers. Here are three steps organisations can take to protect themselves in the cyber age.
In many situations, cyber-attacks originate from an otherwise innocent employee unwittingly falling victim to a particularly convincing scam. To help mitigate this risk, all employees must receive training to help them identify potential cyber threats. It’s important that employees understand the serious security implications they could pose by making a simple mistake. Ensuring the continued education of your employees with regard to cybersecurity could go a long way in ensuring that hackers get nowhere near company networks.
With the introduction of GDPR across Europe in 2018, any kind of data breach can leave an organisation liable to heavy fines and negative publicity, and as outlined in the case above, employees themselves could be held personally liable for their role in a data breach. As threats grow increasingly more believable and sophisticated, employees must be kept up to date on how to safeguard the data they have access to.
Cybercriminals and hackers grow more sophisticated by the day, and businesses need to ensure that they are investing appropriately into their cyber defences. Gone are the days of obvious email scams filled with glaring typos and outlandish claims – nowadays, cybercriminals are able to send convincing-looking emails and disguise their email addresses to fool you. As in the case of Snap, even the most tech-savvy and well-trained employees can be outwitted.
It’s therefore vital to ensure that your cyber security systems are up-to-date with the latest technology. It’s nearly impossible to prevent hackers from getting into your networks – the focus must be on stopping them from taking the data out. With the latest technology available you can monitor and block confidential and unauthorised data from leaving your device without the appropriate permission.
When it comes to monitoring networks, businesses need to focus on more than just identifying attackers by their fingerprints. They need to take a different approach, and instead look at the characteristics of what makes an attacker different from standard, authorised behaviour.
If an employee within the organisation has, whether maliciously or inadvertently, enabled attackers to enter the network, these attacks will typically use fileless techniques to avoid detection in order to steal data. What’s worrying is that these attacks are ten times more likely to succeed as they leave little to no tracks in the network. Organisations must start detecting attacks based on their behaviour. New solutions are now available to detect and stop the attack at each stage of its life-cycle.
Hackers will never stop trying to access confidential company information, and businesses simply cannot afford the risk of not prioritising cyber security. Defences are only ever as strong as their weakest links, and company execs and IT teams must make sure their employees are well-equipped to handle any potential scenarios to protect the business and its confidential data from being left out in the open.