X


    X


      VIEW OUR TECHNOLOGY PARTNERS

      INDUSTRY INSIGHTS

      INDUSTRY INSIGHTS

      A human-centric approach to protect against cyber security threats

      The start of 2020 brought a huge change to businesses as the world found itself faced with a pandemic that would change the way we live, shop, and work. Almost overnight, the office environment went quiet and the home office was introduced to a sea of employees who did not have the proper equipment or space to accommodate this new way of working. On top of not having a proper office chair at home, employees would be asked to work from a new network with new implications for the company they are working for. While some companies were prepared to accommodate remote workers, the rise in cyber attacks in 2020 is a strong indication as to the vulnerabilities that came into existence with the home office.

      In a report generated by Interpol at the end of 2020, it was found that due to a dependency of online work and communication, cyber criminals found new opportunities to exploit companies with lower defenses through a remote workforce. A majority of the cyber attacks they found at the beginning of 2020 were attributed to phishing, scams and fraud.1 These are attempts to infiltrate a company using an unsuspecting company insider. Meaning, any single employee that is left unprotected by their company can be a threat to that company. One misclick in a phishing email can mean an open door to a cyber criminal.

      This is not to say that there is malintent from employees within an organization. Quite the opposite, employees are merely a victim of inescapable human error. In the 2020 Data Breach Investigations Report (DBIR) from Verizon, it was found that while hacking remains the most common action attributed to a breach, it saw a decline last year, while there was a steady increase in the frequency of error as the attributed action. According to that same report “there is no getting away from the fact that people can, and frequently do, make mistakes and many of them probably work for you”.

      While insider risks are understood to be a contributing factor to a breach, it has only recently become accepted as a categorical issue that can be addressed. Slowly, companies are adapting to find new ways to protect their employees both remotely and in the office.

      Instead of pushing the blame onto employees who are working within their natural tendencies, companies should consider what changes can be made within an organization in order to protect against outside threats that enter through inside means. Many companies maintain a data protection policy within their company handbook. The data protection policy is designed to be a guide for employees as they move about their general daily activities and assist when making decisions on behalf of the company. As important as this document is, quite often, employees review the handbook only upon entering a company, even though handbooks tend to be updated periodically to keep up with ever-changing regulations and ideas. This dilemma is an inconvenient truth that is often overlooked but can make the difference between a secured company and a breached one.

      Teaching and reinforcing positive cyber hygiene amongst employees is one way in which employees can help in defending against cyber attacks. This is the consistent and safe training of employees when they perform a maneuver that could compromise important data or open themselves up to a threat. This could be attaching a document with sensitive information to an outside source using a document sharing service, or clicking on email without reviewing the source. With practice and consistent guidance, it is possible to train employees with new programs that help to curb unwanted behaviours. With notifications being made to the employees when one of these incidents is about to occur. The employee can learn in real-time why they cannot or should not perform this action. It can also be a comfort to the employees who know they are protected within this system of alerts, with additional options to anonymize which employee is connected with each incident; full visibility while maintaining privacy. With time, these actions will become habits. Human error is always likely to occur, but with incident based training, employees and companies can better protect themselves from outside risks.

      The future of work has changed with employees working both remotely and back in an office. In order to accommodate these changes, employers need to make changes now to better protect their employees to better protect their data. The cost of a breach can soar into the hundreds of thousands depending on the extent and industry. The educated workforce is a company’s best defense against this threat.

      Written by Anne Simpson
      Marketing Manager, EMEA, Ava Security

      Ava Security is a global technology company with offices in the UK, Norway, and the USA. They believe that they can create a better, smarter way to deliver security. Ava injects intelligence into their approach to security and all their solutions.

      Website: https://www.avasecurity.com/
      LinkedIn: https://www.linkedin.com/company/avasecurity/
      YouTube: https://www.youtube.com/channel/UCOE3yPugfEpkJ77kFxomYnA

      Sources
      1 Interpol. “Cybercrime: COVID-19 Impact.” August 2020. Interpol.int, https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19#:~:text=From%20February%20to%20March%202020,by%20a%20private%20sector%20partner.
      2 Verizon. “Data Breach Investigation Report 2020.” 2021, pp. 13 -14. https://enterprise.verizon.com/resources/reports/dbir/.

      Latest News

      Cybersecurity risk underestimated by operational technology organizations

      Read More

      Saviynt 2021 Enterprise Identity Cloud Release with Microsoft Integrations

      Read More

      Skybox Case Study : Improving the SOC Through Visibility and Automation

      Read More

      Skybox Security delivers new prescriptive vulnerability remediation solution

      Read More

      Ava Reveal’s brand-new investigation, inspection, and blocking functionalities

      Read More

      Gartner report: Top Security and Risk Management Trends for 2021

      Read More

      Facts about POPIA

      Read More

      South Africa’s Fireside Chat Roundtable with IronNet Security

      Read More

      How to mature your cybersecurity program with Skybox Security

      Read More

      A human-centric approach to protect against cyber security threats

      Read More

      Breach and Attack Simulation vs Pen Testing

      How easy is it for a malicious actor to get into your network? Cyber attacks are growing steadily in number, strength, and variety. In parallel, even the most sophisticated adversaries are using surprisingly unsophisticated means to wreak damage. Top-notch hackers can mimic legitimate user actions and go under the radar of protective measures. They can move laterally from hole to hole and reach what matters most to you – your crown jewels.

      Read More

      Remote workforce security solution ensuring business continuity

      As businesses send their employees to work from home, it’s imperative for security professionals to provide guidance so remote workers can do their part to help you keep your organization secure and protected from breaches. With Ava Reveal, organizations get visibility of their data and endpoints outside of the office.

      Read More

      BECOME A PARTNER

      TECHNOLOGY RESELLERS AND SYSTEMS INTEGRATORS

      AltronBCXBlue TurtleClyroforDatacentrix
      DIMENSION DATA SECURITYDRSINFORMATION SECURITY ARCHITECTSPERFORMANTAREDBRIDGE