Cyber security is never an easy subject. The breadth of solutions needed in this day and age to thwart attackers is at an all-time high, while breaches seem to be climbing exponentially, driving the need for still more solutions.
However, through media and marketing, the belief is that the greatest enemy to cyber security is the nefarious dark-hooded hacker eagerly poised over a laptop, working feverishly to hack your system by outpacing perimeter defenses. And though this makes for good media fodder and the occasional Hollywood movie, the reality is that there is a far bigger and more serious threat to companies—and it comes from within.
Of the breaches that happen, the majority are caused by people who work inside the company. And though that sounds frightening—and so it should—the one thing to be clear about is that, statistically speaking, this stems primarily from people being asleep at the proverbial switch—not from malicious intent.
In fact, human error is the root cause of breaches, accounting for more than 50% of all so-called hacking incidents. It's this error that also accounts for an estimated average data breach cost of $150 million in North America, with the global annual cost forecast to be $2.1 trillion.
The worst part of all this? The errors are downright comedic in nature and could easily be solved. The top four causes are weak passwords, sending sensitive information to the wrong person, sharing passwords and, of course, falling for phishing scams.
As it pertains to weak passwords, it's beyond simple to fix. And for those interested I wrote an article on that very topic just a few weeks ago—you can read more about it here: Make your password simple so that it's harder to hack. Wait ...what?
Then there is the sending of information to the wrong person—we've all done it. You choose an email from a dropdown as you type, but fail to notice that the Jane Smith you meant to send the report to internally was actually a Jane Smith that you barely know. The solution there is nothing but due diligence. A two-second check as part of your good email habits and that issue goes away immediately.
Now, as for sharing passwords—seriously, do I need to even speak to this? It's 2019, this should never happen. A good education system paired with 2FA will solve this in a New York minute.
Lastly, there is the issue of phishing scams. This is a tough one as some of the scams I have seen recently are getting pretty hard to detect. Now, of course, there are phishing solutions. Real-time phishing simulations are a fast and effective way to educate users and to increase alertness levels to attacks.
The secret here is ensuring that the educational factor is top priority. And, in some ways, I honestly feel a bit of a heartbreak when it comes to educating people on cyber security practices—it ultimately means that people's good nature and trust of the outside world is tarnished. The mindset of not trusting anything that lands in your email, links on websites, and more, is against most people's nature. The unfortunate reality is that we must all work to be far more jaded and mistrusting of the digital world.
Finally, there is the other internal threat: the malicious actor. There will always be the risk of someone having ill intent, wanting to expose a company's data for some sort of gain, whether social, political, or just for money. That, of course, is an entirely different topic that is better discussed in another article.
But for the average person sitting at their desk every day, committed to their company and their job, mistakes will and do happen. It's simply a matter of a few right tools paired with education to mitigate the risk—drastically reducing the chances of an innocent but present enemy within.