Human DNA is one of the most complex substances on the planet, in fact it is almost as complicated as ‘human beings’ themselves. That is why the Human Factor is so complicated to deal with in any topic in which it's centered.
I have written numerous articles on cyber threats, and related security issues, and while I ‘tipsy-toed’ my way around this subject, sooner or later I knew it would come up.
The reality is that an overwhelming number of cyber security threats can impact your company because of ‘the human factor.’
One recent cyber security report indicates that as many as 95% of employees try to get around security measures in the workplace that are designed to limit or eliminate threats.
While many organizations put cyber security protocols and protections, including both software and hardware based tools, in place to help protect their business from cyber crime, almost 68% of all cyber breaches occur as a result of insiders who neglect to follow the rules. Of these attacks, almost 1/3 result from either lent or stolen credentials (usually due to employees making their credentials easily located.)
Another problem today is that many employees are now posting sensitive company information to computer resources outside of the company controlled environment. For example, people are loading company information onto flash drives to carry home, only to lose or misplace them where the information can be found and easily accessed by others.
With the growth in popularity of cloud-based data storage sites, many of which are free, company employees are posting corporate data, to which they have access, to one of these cloud-sites. While they may do so only with the intent of having easier access to the information from outside normal channels, many of these cloud services have little in the way of cyber security associated with them, making these resources ‘easy pickins’ by cyber thieves.
One recent survey found that nearly 65% of the companies responding had found corporate ‘sensitive’ data contained in on-line cloud services they had not authorized.
The human factor doesn’t stop with just lost credentials, or company data being stored on unreliable and unsecured locations. More and more, company computers are becoming the harbingers of ‘personal’ information of the employees using them.
A site-survey performed by one cyber security consultant found that 87 percent of companies they reviewed had employees using their personal, web-based emails on their company devices and computers. This opens up both those devices, as well as the company network as a whole, to potential hackers that would otherwise be flaunted via the security measures associated with the company’s protected email channels.
In a similar security survey of major companies, nearly 60% of companies were identified as having had employees accessing pornographic materials during work hours from company equipment, and almost 45% of companies had employees participating in online gambling activities using their company computers.
While cyber breaches are growing in leaps and bounds, statistics show that less than 20% of all breaches arise from purely external sources, the clear majority are precipitated by insiders, either directly or indirectly. Your own ‘human resources’ maybe your biggest cyber threat.
My course titled, Cyber Security for You and Your Clients, at this summer’s Scaling New Heights, will focus on ‘the human factor’ including practical steps you can take to reduce the effects human factors play on your cyber risk. If you are already registered for the conference I encourage you to attend my class, and if you are not registered for the conference, then you need to get signed-up because Scaling New Heights will be the place to be come June 4 through 7 at Disney's Coronado Springs Resort in Orlando, Florida.