Everyone is now more than aware of the external cyber threats which exist. What is also becoming common knowledge is the fact that they’re increasingly difficult to prevent. The complex and unpredictable nature of current attacks make them hard to prepare for. A consequence of this is that many businesses are now focusing more on how to respond to a breach, as opposed to stopping it at the source. Many are starting to accept that a cyber breach is likely to occur at some stage, and that is altering where they’re placing their emphasis.
However, even though external threats are alarming, businesses are continuing to neglect the internal risks which are creating numerous problems. A recent survey has found that 58% of cyber claims are attributable to employee behaviour, such as negligence, accidental disclosure and lost or stolen devices. Furthermore, once you incorporate the vulnerabilities being caused by the skills shortage in cyber security, nearly 90% of breaches are linked with human factors.
Not acting on the warnings
Conversations surrounding the internal threats caused by employee behaviour is nothing new. It’s a subject that’s been discussed heavily over recent months, yet many businesses are still not taking action. Problems continue to emerge through this avenue, highlighting significant shortcomings. Clearly, not enough is being done to drive awareness of potential cyber threats to staff members. Every employee must be made crystal clear about the risks they may encounter, and the potential damage that can be caused.
Although there have been malicious cases, most of the time, employee breaches are purely accidental. This can be in the form of unwittingly opening a phishing email, or entering an unauthorised site. These are classic mistakes, and they’re completely avoidable. To prevent these errors from occurring, businesses need to start investing time into training employees on the pitfalls to be aware of. Once they have an understanding of what not to do, the likelihood of them being caught out in the future should decrease.
There really is no excuse for internal cyber threats to be causing headaches for businesses in 2018. It should be made a priority that IT leaders are holding workshops to train those non-technical employees on the best practices to ensure cyber safety. If a business does not possess such experts, they should give serious consideration into hiring qualified cyber security professionals. Either way, they must make sure that internal threats are stopped, as unlike external threats, they can be controlled.