May 3, 2017 by

Human Vulnerability – The Biggest Threat to an Organization

Human vulnerabilities are present in every organization and can often be exploited for heinous purposes. Humans are said to be the weakest link in cybersecurity, and for good reason. According to IBM’s “2014 Cyber Security Intelligence Index”, over 95% of all incidents occurred due to human error, and the company's 2016 report found that insiders carried out 60% of all attacks. Of these attacks, three-quarters were carried out with intent, while the remaining one-quarter were unintentional. Attacks succeed by exploiting human weakness: attackers take advantage of the lack of user awareness to carry out their intent to harm. Large and small organizations may differ, but they all have one thing in common: people. Regardless of size, every organization is exposed to human weaknesses and insider threats.

There are three types of insiders: human error, malicious employees and disguised criminals. Human error can include anything from an employee losing a work device, using weak passwords, clicking unsafe URLs or attachments, sharing passwords, sending an email to the wrong recipient or leaving their devices unattended. The unintended consequences of human error can prove fatal and costly to any organization. According to Verizon’s “2013 Data Breach Investigations Report”, 95% of advanced attacks occurred through phishing emails. Although human error cannot be eliminated, organizations can limit it. Holding monthly or semi-monthly meetings to educate employees on staying safe and on what they should look out for can decrease these errors.

Malicious employees who have turned rogue intentionally cause an immense amount of damage to their organization. These employees are trusted and often have access to a lot of confidential information about a company. Employees can turn rogue for any number of reasons: they may feel they have been wronged or think they are about to be fired. Using deep analytics can help organizations detect violations occurring right under their noses. It is important for an organization to rotate employees' positions so they do not become too comfortable or accumulate too much access to information.

All employees should also receive mandatory vacations, so that while they are away another employee does their job. That employee may discover that the person they are covering for has wrong intentions. Employees who have left an organization can cause a lot of damage as well. Many times, organizations do not close their accounts, and former employees still have access to information. It is important that when an employee leaves the organization, their accounts are closed and all of their access is revoked.

Cybercriminals can begin working for an organization they intend to harm. Experts in their “trade”, these criminals know how to hide their identities and their intentions. They can be hiding as the person from HR or as the janitor and seem to get along with everyone. They exploit human weaknesses through social engineering tactics to carry out their plans to cause damage.

Human weaknesses are present throughout most organizations, and their exploitation is a recurring theme in most reported incidents. Managing the human factor is important for an organization. Educating employees, holding training sessions, and acting out scenarios will help to prevent a compromise and improve how employees react in an emergency situation.

Firms like LIFARS offer custom-made interactive security awareness training. LIFARS provides flexible, easy-to-follow, real-world scenarios through interactive learning, so that employees can best learn security awareness and your organization can succeed.

 

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.