NFT artist DeeKay Kwon had his Twitter account hacked at the end of last week by scammers who managed to steal NFTs valued at $150,000 from his followers.
Read more in my article on the Hot for Security blog.
Security breaches from issues associated with supply chain and third-party suppliers made an unprecedented jump in the US in 2021, rising 297% year over year and representing about a fourth of all security breaches, according to a study by IAM (identity and access management) company ForgeRock.
The company’s 2022 Consumer Identity and Breach Report found unauthorized access to be the leading infection vector for the breaches, accounting for 50% of all records compromised in 2021, up 5 percentage points from 2020.
The average cost of a breach in the US, according to the report, was $9.5 million, which is the highest in the world and up 16% from $8.2 million in 2020.
This blog was written by an independent guest blogger.
Data is the most valuable asset of any organization, and most employees have access to secure business data. This makes them the first line of defense against combating a cyber-attack. However, hackers target vulnerable employees with insecure devices and sophisticated techniques to access the company’s network and compromise valuable data.
Human error enables a vast majority of cybersecurity problems. Many employees are already aware of the dangers that their mistakes can pose. A study found that nearly 88% of all data breaches result from employee mistakes. In addition, 60% of cybersecurity professionals accepted that their staff is the weakest link in IT security.
It is high time for organizations and employees to take measures to reduce the attack surface and ensure a robust cybersecurity culture.
The cybersecurity threat landscape is becoming complex and threatening even with practicing strict cybersecurity regulations and using emerging technologies. Against this growing threat landscape, 57% of businesses assume that their IT security team might become compromised, and the most significant threat against the cyber-attacks is their employees.
Humans are the weakest link in any business organization and continue to drive data breaches. The Verizon Data Breach Incident Report 2022 finds that 82% of cyber breaches involved the human element. By human element, it is meant that a breach can occur because of clicking on a link in a phishing email, reusing the same old passwords, or using the internet without hiding their IP.
For example, a notable venture capital firm, Sequoia Capital, got hacked in February 2021. The hacking incident occurred because employees fell victim to a phishing attack that exposed its investors’ personal and financial information to third parties.
Besides this, there are a few other reasons that make employees vulnerable:
Employees tend to be careless when they perform the same task regularly. It turns their work into something that focuses more on efficiency than carefulness. As a result, they start neglecting to follow proper security procedures and practices and often compromise the cybersecurity of the entire organization. They even neglect updates because they consume more time or the pop-ups are inconvenient, leaving software vulnerable to cyber-attacks.
Moreover, some employees continue to use legacy software with known vulnerabilities. They typically use such software because they’re used to it – not because it has exclusive features. In addition, employees sometimes disable security update options because they think it hinders their work. Such actions compromise the entire security of the organization.
Hackers easily install malware, spyware, or ransomware through vulnerable or careless employees. Most employees have low security awareness about the evolving cyber threats and attacks that expose them to malicious actors to access the company’s data.
Employees even use or download unauthorized software and risk the organization’s security. Though not all software is malicious, it may contain vulnerabilities that serve as a gateway to your system for the malicious threat.
Employees work with a massive amount of data every day and make mistakes in handling it properly, which leads to data leaks. They might send critical information via email to the wrong employee. Most employees are responsible for sending many emails daily. By entering an incorrect recipient, the sensitive data is accessed by an unauthorized person. They might even delete some crucial files to clear space without realizing how important those files are. The Verizon report also reveals that 20% of data breaches are caused by simple mistakes such as emailing the wrong person or having IT admins misconfigure their cloud accounts.
The best way organizations reduce human mistakes and control the risks of cyber-attacks is to invest in a holistic strategy and policies. Furthermore, they also need to ensure that employees follow effective tips to enhance the cybersecurity culture.
Here are some of the ways that can reduce the threat of human errors:
Changing the work culture routine, practices, and technologies reduces the opportunity for employees to commit a mistake. The best ways to start the mitigation efforts include:
Ensuring that employees only have access to data essential for performing their tasks. This minimizes the amount of information an employee has, and even if it gets compromised, the damage is not on a wide scale.
Password-related mistakes are also a common human error, with users reusing or sharing their passwords. Encourage employees to use strong and complex passwords that are hard to crack. They can also use password managers that eliminate the need to create and remember strong passwords.
Implementing a zero trust approach will strengthen your network security and help prevent unauthorized access.
Ensuring that employees always use cybersecurity software like VPN and antivirus software is critical. A VPN encrypts the data traffic, protecting your communication. The antivirus software generates alerts from malware and viruses and blocks them before they can do harm.
Organizations can also automate tasks to save time, improving human efficiency, and reducing chances of human errors. By automating specific error-prone tasks, employees can focus on doing some other productive tasks.
Apart from reducing opportunities that cause employees to make errors, the reason behind these mistakes needs to be addressed. For this purpose:
Educate employees on fundamental security practices and enable them to make decisions by prioritizing security and asking for assistance from others if they are confused or don’t know the consequences of their actions.
Topics around security must be regularly discussed, and employees need to engage more frequently. By doing so, each employee is engaged in maintaining the organizational security.
Install security posters or online items with security tips that serve as reminders. This can be extremely useful to new employees who are not associated with the IT department.
Encourage employees to report signs of a data leak and train them to detect various social engineering techniques that hackers often use to invade the business network.
Besides this, it is also crucial for organizations to monitor employees’ activities. Employees can be insider threats, resulting in a data breach. Monitoring tools can detect malicious activity and secure the system from attacks or data leaks.
In most instances, human errors cause data breaches that push organizations to bear financial and reputational loss. However, human errors can be reduced. By practicing safe cybersecurity measures and implementing cybersecurity awareness training policies, organizations can improve their security posture and avoid ever-increasing cyber risks and threats.at
The last decade has seen its fair share of watershed moments that have had major implications on the cybersecurity landscape. Severe vulnerabilities, mass exploitations, and widespread cyberattacks have reshaped many aspects of modern security. To take stock of the past 10 years, cybersecurity vendor Trustwave has published the Decade Retrospective: The State of Vulnerabilities blog post featuring a list of what it considers to be the 10 most prominent and notable network security issues and breaches of the last 10 years.
“It is difficult to tell the complete story about the network security landscape from the past decade because security tools and event loggers have evolved so much recently that many of the metrics that we take for granted today simply did not exist 10 years back,” the blog read. “Nevertheless, the data that is available provides enough information to spot some significant trends. The most obvious trend, based on sources like the National Vulnerability Database (NVD), Exploit-DB, VulnIQ, and Trustwave’s own security data, is that security incidents and individual vulnerabilities have been increasing in number and becoming more sophisticated,” it added.
Darktrace has announced a new set of AI products designed to deliver proactive security to help organizations pre-empt cyberthreats. The PREVENT products are the latest additions to the firm’s artificial intelligence (AI)-driven portfolio, which it claimed works together autonomously to optimize an organization’s state of security through a continuous feedback loop. The firm said that the new products are based on breakthroughs developed in the company’s Cambridge Cyber AI Research Centre and the capabilities gained through the acquisition of Cybersprint earlier this year.
In a press release, Darktrace stated that its two new PREVENT products use AI to “think like an attacker,” finding pathways to an organization’s most critical assets from “inside and outside,” analyzing the most disruptive attacks for an organization and feeding information to support continuous learning and automation to harden systems. PREVENT/E2E (End-to-End) uses an outcome-based approach to managing cyber risk incorporating capabilities from across multiple disciplines including attack path modelling, automated penetration testing, breach and attack emulation, security awareness testing and training, and vulnerability prioritization.
