People are the greatest security risk to organisations’ systems and data, says Sebastiaan Rothman, Manager: Cloud Security & Compliance at Altron Karabina.
“Although there are a multitude of technology security solutions out there, cyber-attacks are still rampant, and organisations are constantly fighting against these malicious cybercriminals.”
“But technology can only help so much.”
The cyber-attack of the day is ransomware – hacking into an organisation’s system and stealing data, or blocking access to it through encryption, then demanding payment to release the data under threat that the sensitive information will otherwise be leaked on the internet.
Most of these attacks are a result of social engineering, of which phishing makes up close to 80%.
It is estimated that ransomware attacks in 2020 were more expensive than the average data breach, costing $4.4 million on average.
It’s all about money and financial gain.
One of the reasons for the growth in cyber-attacks is the pandemic and the increase of remote access and people working from home (WFH).
Every connection to your organisation’s environment is a potential backdoor for cybercriminals to gain access to your data.
According to the McKinsey Global Institute, 127 new devices connect to the internet every second. Organisations have faced the same situation as employees started working from home and connecting desktops, laptops, and smartphones to the internet to access the organisation’s environment.
“Despite this alarming growth in security threats we still see companies that do not consider cybersecurity a priority,” Rothman notes.
According to an IDG Research Services survey commissioned by Insight Enterprises, only 57% of organisations conducted a data security risk assessment in 2020, during the height of the pandemic, while employees were working from home.
Altron Karabina can assist with security assessments and help to maximise organisations’ Microsoft security footprint across the entire business.
The move from virtual private network (VPN) access to a complete cloud environment is on the rise, and with it comes more security, but it still has its vulnerabilities and is not 100% foolproof.
“Your employees remain your biggest risk for cybercriminals to gain access to your sensitive data and it takes only one click on a compromised link in an email from a friend for the damage to be done,” Rothman explains.
“It is crucial for companies to foster a culture of cybersecurity in the business. It is however not as easy as you might think.”
“After implementing critical security controls with end-point protection and regular cybersecurity training for employees, there is still a gap,” he adds.
How do you let every employee, irrespective of their level in the organisation, know what the impact of a cyberattack on your company could be?
Simply telling employees that the organisation’s data can be held to ransom or completely deleted, and that these cyber-attacks cost the company money or can even result in closure, does not seem to change behaviour.
Rothman suggests that it might be time to get more hands-on and show employees the possible impact a lack of security consciousness can have – physically exposing them to the threat and the consequences it can present.
“Why not launch a mock attack on a number of employees (in a controlled environment), locking them out of the system or holding their personal computer and data for ransom and a couple of bitcoins? Put them in the hot-seat, so to say.”
As the old adage says: ‘those who don’t listen, must feel’.
Let your employees feel the brunt of a security breach and how it will hit their pockets when cybercriminals ask for exorbitant amounts of money to return their data and make their problems go away.
Then equate that to the damage the company can experience from a cybersecurity breach to educate employees on what it really means to the company.
“It might seem like a cruel approach, but the threat of cyber-crime and lack of cybersecurity knowledge and understanding requires a harsh approach.”
“The danger is real and if you are looking to avoid the increasing onslaught of cybercriminals on your business, stern measures are needed. It is time to put cybercriminals a step behind, not ahead,” Rothman explains.
The fight against cybercriminals appears to be a losing battle, but with the correct technology and security solutions, coupled with an employee base that has a heightened understanding of cybersecurity threats and their possible consequences, organisations can curb the potential damage cybercriminals wish to inflict.