The cybersecurity landscape continues to evolve, with threat actors leveraging new hacking techniques to penetrate and exploit critical infrastructure. While organizations are worried about misconfigurations and poor security practices, human errors remain a major cause of cyberattacks and data breaches.
By Rudra Srinivas, Feature Writer, CISO MAG
The Cost of Human Error
According to the study “Psychology of Human Error” by Stanford University Professor Jeff Hancock and security firm Tessian, 88% of data breaches are caused by employees’ mistakes. In the study, nearly 43% said they’re sure they have made a mistake at work that had security repercussions for themselves or their company. Several organizations claim that human error was the primary factor in a year-over-year increase in several security incidents. Almost 93% are concerned about human error causing accidental exposure of their cloud data.
Cybersecurity awareness among employees is important as negligent actions could lead to severe security repercussions.
Four Ways to be CyberSmart
1. Think Twice
Whether it’s an attachment or a link, don’t rush to open or download it, as it could be malicious. Threat actors often distribute malware via email attachments or URLs. Once clicked or downloaded, these URLs/attachments automatically download the malware onto the victim’s device or redirect the victim to a hacker-operated website that steals users’ login credentials.
2. Protect Your Passwords
Having strong passwords is not sufficient. Users must protect their passwords online with robust protections like multi-factor authentication (MFA). Never allow websites and applications to remember your passwords, as Magecart hackers often compromise websites to pilfer users’ payment and other sensitive details. Use only reputable password management services.
3. Verify the Requester
Always be cautious when someone asks for your personal details like login credentials. Cybercriminals use various phishing and social engineering lures, impersonating someone you know, to make victims perform activities on their behalf. Always verify the identity of the requester asking for your personal details, even if it is somebody you know.
4. Know When to Delete
Delete your sensitive data from your devices and online accounts when it’s no longer required. Regularly back up your critical files and store them separately in the cloud or on encrypted USB drives.
Here’s what experts have to say
Acknowledging the importance of the Cybersecurity Awareness Month, Robert Prigge, CEO of Jumio, said, “The amount of large-scale cybersecurity breaches we’ve witnessed in the last year highlights just how creative cybercriminals will get to steal sensitive data and sell it on the dark web. The number of reported identity theft cases more than doubled from 2019 to 2020, while the number of reported data breaches escalated 38% from the first to the second half of 2021. With traditional online verification tools such as knowledge-based authentication and passwords, organizations will continue to place consumers’ personal information at risk of being compromised.”
“Cybersecurity Awareness Month encourages security leaders and executive decision-makers to modernize their security practices to adapt to the increased sophistication of fraudsters. In today’s cybersecurity climate, organizations must move away from outdated, obsolete authentication methods and implement more advanced identity verification solutions, like face-based biometric authentication, that confirm online users are truly who they claim to be. This month is also essential for educating consumers on safeguarding their digital identity and managing personal data consent rights online. These best practices are crucial to keep data away from the hands of malicious actors.”
Concurring with Prigge, Anurag Kahol, CTO and Cofounder of Bitglass, added, “From cloud misconfigurations exposing massive amounts of sensitive data online to ransomware attacks severely impacting critical infrastructure, this past year has underlined the inherent lack of proactive security across organizations of all sizes. As we move toward a new era of hybrid operations post-pandemic, the sophistication and frequency of cyberattacks will only continue to increase at an exponentially higher rate. Organizations must be prepared to face the evolving threat landscape to protect their employees, corporate infrastructure, and sensitive data.”
“International Cybersecurity Awareness Month serves as a reminder for enterprises to make security a strategic imperative. A vigilant security posture starts with implementing a unified cloud security platform, like secure access service edge (SASE) and security service edge (SSE), that replaces various disjointed point products and extends consistent security to all sanctioned cloud resources while following a Zero Trust framework to prevent unauthorized network access. Additionally, enforcing comprehensive cybersecurity training for all employees, hiring security experts and continuously monitoring and enhancing cybersecurity postures will ensure organizations are adequately equipped to defend their modern operations.”
Cybercriminals constantly adopt newer techniques to target internet users. Hence, becoming CyberSmart is requisite to defending against rising threats.
About the Author:
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.