A recent report from Kaspersky Labs revealed that 90% of cybersecurity attacks are due to human error. That is a staggering number, but it shouldn’t be surprising given the trends we’ve seen recently.
Take the WannaCry attack for example. Two months after Microsoft patched the breach, many companies remained vulnerable simply because too few employees restarted their computers to allow the updates to be installed. This caused the attack to dwell in the system despite a threat detection process.
The Zoom Breach
Another attack that took place in the last several months is the Zoom breach. The hack impacted Mac computers and allowed the hackers to have complete access and control to the computer's camera and microphone. Even if the user deleted the app, the hacker could reload it and regain control to see into the daily operations, meetings, and of course, the private plans, of a company. The question remains how many employees have since updated the patch.
FaceApp as a Case Study
Moreover, how often do employees read the fine print before downloading something? Although FaceApp does not directly impact any organization’s cybersecurity, it serves as the perfect case study as to why employees need better security education. The fine print states “FaceApp is allowed to use your name, username 'or any likeness provided' in any media format without compensation and you won't have any ability to take it down or complain about it, reports claim. It also will not compensate you for this material and it will retain the image long after you've deleted the app.”
You CANNOT complain and it will retain the image long after you deleted the app. That should raise red flags even among the least security conscious of us.
According to a quote from cybersecurity expert, Ariel Hochstadt, given to MSN news, “Hackers are able to record the websites that people visit and the activities they perform on those websites, but they don't always know who those users are” and “'They also know who this image is, with the huge database they created of FB accounts and faces, and the data they have on that person is both private and accurate to the name, city and other details found on FB.' Yet people are embracing this app with open arms. The same people who impact our organization’s security on a daily basis.
How to Protect Your Organization from Itself
Often times, enterprises are so concerned with outside threats they forget that non-IT personnel in their own organization can pose a larger threat to their cybersecurity posture, often unintentionally. With 30% of the world’s top 560 websites unsecured, including ESPN.com, BBC.com, Wikia.com, MyShopify.com, Chegg.com and NBA.com, it is far too easy for an employee to unknowingly stumble into a security threat.
Given how many people work in a typical large enterprise, there are endless ways for threats and other malicious communications to enter a network. Faced with limited resources, security operation centers (SOCs) have an uphill battle to keep a network secure. Therefore, a solution to quickly detect and respond to all these seemingly harmless threats must be AI-based to deliver instantaneous results of employee “misbehavior”. It needs to provide a continuous analysis of communications and apply cluster-based machine-learning algorithms indicating serious issues within seemingly innocent processes, such as software updates as an attempt to download malware.
To learn how to maximize your current cybersecurity technology and better protect your organization from its employees check out SecBI’s demo: https://detect.secbi.com/watch-secbi-demo
Or reach out to our team with questions at email@example.com.