The Human Factor—The Strongest Line of Defense for Cybersecurity
When you hear that companies have suffered a cyber-related data or monetary loss, your immediate reaction may be to assume that the culprits were automated bots fielded by foreign hackers or software security systems that failed to perform effectively. While those are frequently factors in such breaches, they’re only part of the picture.
Many cyber breaches include an employee element: Joe Smith who clicks on a phishing email, Sarah Jones who accesses her work email on an insecure Wi-Fi at the local coffee shop or Amanda Garcia who has never changed the default password for the payroll system. Company employees as well as people who work for the company’s contractors and third-party suppliers often bear responsibility for cyberthefts, whether they’ve acted maliciously or inadvertently.
The size of the problem can be difficult to determine. A June 2017 report from IBM Security and the Ponemon Institute found that 24 percent of data breaches were caused by negligent employees; a recent Verizon data breach investigation report attributes 28 percent of cybersecurity incidents to insiders. But the IBM X-Force 2018 report said that inadvertent insiders were responsible for more than two-thirds of the total records compromised.
Cybersecurity expert John Sileo, who will be speaking at the 2018 MHI Executive Summit in October, agrees with the larger number. “Human decisions and errors, whether intentional or accidental, make up more than 70 percent of the data loss that we see,” he said. “It might be as simple as clicking on a phishing link, responding to a whaling scheme or forgetting to do your job.”