Improve Security by Minimizing Human Error

What’s the weakest link in your network security chain? It probably doesn’t involve hardware or software. Numerous industry and government reports find that more than 90 percent of all security incidents are the direct result of human error.

The recent WannaCry ransomware outbreak was a jarring reminder that even the most advanced security technology can be undone by mistakes and miscalculations. The largest cyber extortion attack in history crippled computers around the world primarily because administrators failed to do routine software updates and employees clicked on malware-infected email attachments.

Despite all the attention and resources focused on cybersecurity, organizations still fail to protect their most valuable assets from hackers because they focus too much on security technology rather than strong security practices and processes. Here are a few of the most common errors that cyber criminals routinely exploit:

Inconsistent education. Employees must be consistently trained and reminded of the dangers of clicking on unverified email attachments and web sites. Security measures are most effective if everyone understands best practices, with regular reminders and refreshers about the latest threats.

Poor password practices. Many of the most high-profile data breaches have resulted from weak or compromised passwords. All organizations should make sure employees use strong passwords and consider implementing multifactor authentication solutions that combine passwords with other verification factors such as tokens or biometric identifiers.

Security shortcuts. Employees frequently disable antivirus, encryption and other security tools if they think it makes their jobs easier. They may also attach storage devices and wireless cards to a machine without checking with IT. Such practices can open attack avenues and must be discouraged.

Lack of urgency. Procrastination is one of the biggest security threats. Breaches often happen because someone didn’t install patches in a timely manner, or failed to update virus definitions regularly. Failing to conduct regular backups makes an organization vulnerable in the event of a breach or ransomware attack.

Alert fatigue. Security systems generate a large number of alerts, including many false positives. Over time, this can cause people to start ignoring these events. That’s what happened with the big Target breach in 2014. Organizations must continually tune their security systems to ensure that alerts are providing source information and context, and that the proper people are being alerted.

Responsibility overload. Large organizations have IT departments with many skilled staffers who can specialize in certain areas. That’s a luxury many smaller businesses don’t have, which often results in a single “IT guy” who must do everything from setting up the network to configuring peripherals, managing the phone system and monitoring security. That is a lot of responsibility, and pretty much ensures that something will eventually slip through the cracks.

Security threats are more complex, diverse and frequent than ever before. They require a layered defense that integrates a variety of hardware- and software-based tools such as firewalls, intrusion protection systems, antivirus and antimalware solutions, advanced encryption and multifactor authentication.

However, security is ultimately a human responsibility, and limited resources, staff and budget all make it difficult for smaller businesses to keep pace. A managed services provider such as Verteks can provide an edge. We have the expertise, toolsets and manpower necessary to keep your security environment up-to-date, and can enforce a best-practices approach that reduces the risk of human error.

