Is The Future Cyborg? Waking Up to the Human Error Risk in Cyber
Security
By Stuart Peck,
Pre-Sales Manager, ZeroDayLab
Human achievement is incredible, just look at digital technology and
the internet, but people can also make mistakes. When APTs are increasing and targeting
weaknesses in staff and suppliers to overcome improved technical defences; can
organisations control the risk of human fallibility or is the only answer to
employ cyborgs?
Since 2012 there has been a 51%
increase in security budgets, yet incidents are up 25% and financial costs of a
breach are up 18% (The Global State of
Information Security Survey 2014, PWC).
The importance of implementing improved security technologies is
irrefutable and this is exactly why exploiting human weakness has become the
lucrative path for cyber criminals from poor configuration and password
management to social engineering and spear phishing.
IBM’s 2014 Cyber Security
Intelligence Index cites human error as a contributing factor in 95% of
incidents. What we regularly see in
businesses is an improved top-level approach employing technology, technical
controls and automation but the technology is in reality just the safety
net. What is lacking is an understanding
throughout organisations of the individual’s contribution to security both on
and offline. To achieve this, a top-down
cyber strategy is required involving a combined focus on people, process and
technology.
People as the First Line of Defence
When human error can happen even
within IT teams who know best (we regularly come across admin accounts with
passwords set as ‘admin’) how do you motivate your privileged insiders, staff
and third party suppliers to be the first line of defence?
Current office culture creates a
belief that it is IT’s role to protect the organisation, not staff members or
third party suppliers. Simple things
such easy-to-guess passwords, carrying data on USBs, leaving desktops unlocked,
or opening attachments may not be something people may be aware of.
Organisations winning the fight
with human error have shifted their focus to processes and training in four
areas:
1) People
Regular education programmes are key; highlighting the individual’s role in
security, the latest threats and how they target people (both on and offline),
policies, procedures and just as importantly the consequences of human error;
namely fines, reputation/brand damage and loss of business. Tailor it to departments and roles and aim to
refresh training at a minimum of every 6 month
2) Processes
Tighten processes and procedural controls from application implementation and
administrator controls, to privileged access, data handling and also physical
office security.
3) Test & Review
Some organisations test their internal controls by sending phishing attacks to
their own staff. That way, they can
identify who would benefit from further security awareness training. Similarly physical security processes should
be audited on a regular basis.
4) Technology testing
Applications and websites develop and change and weaknesses can appear in code
and privileges. Ensure you have a
regular and frequent penetration testing plan to ensure all controls are
properly in place and are keeping pace with changes in the external threat
environment.
Do we need cyborgs? While they might be the ultimate hybrid of
the human and technology, we can mitigate the risk of human error with the
right strategy. To err is human; people,
process and technology is the divine.
We ask this question to you; How do you motivate your users (and other binding parties) to be the first line of defence/IT Security conscious?
Great Article
ReplyDeleteCyber Security Projects Ideas for CSE
Project Centers in Chennai
JavaScript Training in Chennai
JavaScript Training in Chennai
I started playing at simply free online slots after reading reviews from other players and I see that it’s not for nothing. Judging by the number of reviews on the Internet, it seems that only the lazy one did not play here)) Well, by the number of reviews and topics on the forums one can definitely say that this is one of the most popular players
ReplyDeleteSuch a nice article thanks for sharing this with us. Really so impressible and interesting post. You’re doing a great job Man, Keep it up.
ReplyDeleteExcel Training in Chennai
Excel Course in Chennai
Tableau Training in Chennai
Linux Training in Chennai
Oracle Training in Chennai
Advanced Excel Training in Chennai
Graphic Design Courses in Chennai
Oracle DBA Training in Chennai
Pega Training in Chennai
corporate training in chennai
Power BI Training in Chennai
Excel Training in Anna Nagar
Great article with excellent content found very useful thank you waiting for next blog update.
ReplyDeleteData Analytics Course Online
Awesome article with top quality information and I appreciate the writer's choice for choosing this excellent topic found valuable thank you.
ReplyDeleteData Science Training in Hyderabad
With so many books and articles appearing to usher in the field of making money online and further confusing the reader on the real way to make money.
ReplyDeleteBusiness Analytics Course in Bangalore
I bookmarked your website because this site contains valuable information. I am very satisfied with the quality and the presentation of the articles. Thank you so much for saving great things. I am very grateful for this site.
ReplyDeleteData Analytics Course in Bangalore
I have voiced some of the posts on your website now, and I really like your blogging style. I added it to my list of favorite blogging sites and will be back soon ... PMP Training in Hyderabad
ReplyDeleteGreat article with valuable information found very resourceful and enjoyed reading it waiting for next blog updated thanks for sharing.
ReplyDeletetypeerror nonetype object is not subscriptable
Nice Information Your first-class knowledge of this great job can become a suitable foundation for these people. I did some research on the subject and found that almost everyone will agree with your blog.
ReplyDeleteCyber Security Course in Bangalore
Writing in style and getting good compliments on the article is hard enough, to be honest, but you did it so calmly and with such a great feeling and got the job done. This item is owned with style and I give it a nice compliment. Better!
ReplyDeleteCyber Security Training in Bangalore
Fantastic article with informative content. Information shared was valuable and enjoyed reading it looking forward for next blog thank you.
ReplyDeleteEthical Hacking Course in Bangalore
I will very much appreciate the writer's choice for choosing this excellent article suitable for my topic. Here is a detailed description of the topic of the article that helped me the most.
ReplyDeleteunindent does not match any outer indentation level
I'm glad I found this blog! Occasionally, students want to know the keys to writing productive literary essays. Your first-class knowledge of this great job can become a suitable foundation for these people. Good
ReplyDeleteunindent does not match any outer indentation level python
Really, this article is truly one of the best, information shared was valuable and resourceful Very good work thank you.
ReplyDeleteData Scientist Training in Hyderabad
Attend The Data Analyst Course From ExcelR. Practical Data Analyst Course Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Data Analyst Course.
ReplyDeleteData Analyst Course
I have to search sites with relevant information ,This is a
ReplyDeletewonderful blog,These type of blog keeps the users interest in
the website, i am impressed. thank you.
Data Science Training in Bangalore
ReplyDeleteI finally found a great article here with valuable information and just added your blog to my bookmarking sites thank you.
Data Science Course in Bangalore
I have to search sites with relevant information ,This is a
ReplyDeletewonderful blog,These type of blog keeps the users interest in
the website, i am impressed. thank you.
Data Science Training in Bangalore
I have to search sites with relevant information ,This is a
ReplyDeletewonderful blog,These type of blog keeps the users interest in
the website, i am impressed. thank you.
Data Science Training in Bangalore
Thanks for posting the best information and the blog is very informative.Data science course in Faridabad
ReplyDeleteFantastic Site with useful and unique content looking forward to the next update thank you.
ReplyDeleteData Science Training in Hyderabad
Excellent site with great content and very informative. I would like to thank you for the efforts you have made in writing.
ReplyDeleteData Science Training in Bangalore
I bookmarked your website because this site contains valuable information. I am very satisfied with the quality and the presentation of the articles. Thank you so much for saving great things. I am very grateful for this site.
ReplyDeleteData Analytics Courses in Bangalore
I am delighted to discover this page. I must thank you for the time you devoted to this particularly fantastic reading !! I really liked each part very much and also bookmarked you to see new information on your site.
ReplyDeleteData Science In Bangalore
This comment has been removed by the author.
ReplyDeleteI really enjoy reading all of your blogs. It is very helpful and very informative and I really learned a lot from it. Definitely a great article
ReplyDeleteData Science Course Bangalore
I really enjoy reading all of your blogs. I just wanted to let you know that you have people like me who appreciate your work. Definitely a great article. Congratulations! The information you have provided is very helpful.
ReplyDeleteData Analytics Courses in Bangalore