By Niloy Biswas, Delivery and Practice head, Ingram Micro Professional Services
A recent study by a large networking company highlights that nearly 74% of SMBs suffered a cyber incident in the last year, which cost them more than Rs 3.5 cr to Rs 7 cr. The study also underlined that threats increased tremendously during the pandemic, as most SMBs have moved towards adopting digitization to address emerging business requirements. And what’s more, the situation could be even more alarming in the future. A Jan 2022 report from a leading security company highlighted that India is amongst the top five targets for cyberattacks in the APAC region, particularly for security breaches that involve cyber espionage.
However, while most SMBs are ramping up their investments in cybersecurity, implementing technology solutions may not be the only way to address their challenges. According to a recent study by a large technology company, human error was a major contributing cause in 95% of all breaches. If human error were eliminated completely, an astounding 19 out of 20 security breaches would not have occurred at all. This has been corroborated by other studies from Stanford and various media houses as well. In other words, there is an urgent need to enforce a cultural ethos of cyber security among employees if security breaches are to be avoided in the future.
Unfortunately, human error still plays a key role in many cybersecurity attacks. In 2021, 44% of security incidents were caused by employees falling victim to phishing or other non-malicious security policy violations — up from 36% the previous year. This was the case even though nearly half of the respondents prioritized employee security training and awareness.
What constitutes human error?
Human error, quite simply, is any unintentional action undertaken by a person which may result in a data security breach for an organisation. It could also mean any action that an employee fails to perform and which exposes the organisation to a cyber-security threat. There are two kinds of human error. Skill-based errors are those in which the individual has the requisite skill to avoid the error but fails to do so due to a momentary lapse of judgement. Decision-based errors occur because the individual does not have enough training, skill or information to avoid a faulty decision.
Human error of any kind is a serious threat to any business and has to be avoided at all costs. In order to avoid it, it becomes imperative to understand what constitutes human error.
Mis-delivery (sending data or information to the wrong recipient), weak passwords (basic passwords like 123456 or a date of birth), patching (deferring installation of software updates that carry patches) and physical security errors (unauthorised personnel gaining access to secure premises or confidential information) are some of the most common types of human error.
How to avoid the human error?
As the old adage goes, it is better to be safe than sorry. Similarly, it is better and less expensive to invest in a security framework than to clean up after a data breach.
• Assessment
Conduct a thorough assessment of where the organisation currently stands with respect to its security framework. For instance, if employees use their own devices rather than office devices, then the organisation is at a greater risk of a data breach. It is therefore crucial to assess personnel-related security loopholes in order to fix them.
• Education and training
Educating employees about data privacy risks, as well as the financial loss incurred in case of a security breach, is very important. Equally important is a well-defined and targeted framework of cyber security training that employees have to undergo as part of the organisation. The training should include, but not be limited to: password management, encryption and digital signing, phishing attacks, backing up work, sending personal or sensitive information, account access, authentication, and policies and best practices. A dedicated IT team should be available to educate and train all employees.
• Phishing simulations
Phishing simulation programs are the best way for organisations to educate employees on how phishing attacks work and how to avoid them. At Ingram Micro we conduct extensive programs in which realistic phishing emails are sent to employees in order to gauge their awareness of attacks and whether they know what to do with phishing emails when they receive them.
• Cyber Drills
Similar to phishing simulations, cyber drills are planned events during which organizations simulate cyberattacks, information security incidents and other types of security breaches that can occur. These drills focus especially on educating an organisation’s IT staff and are an effective way to test the cyber readiness of a company.
The self-proclaimed superpower in the world likes to be an international policeman. Other countries will take action on any occasion. In order to obtain first-hand information, the surveillance activities are in progress.
The Washington Post broke the news on Sunday that the United States has four major intelligence monitoring programs, namely Avenue, Dockyard, Nuclear, and Prism disclosed by Snowden earlier.
The United States collects nearly 5 billion mobile phone records from around the world every day.
In 2013, the “Snowden Incident” broke the scandal that the United States used the so-called “Prism” project to monitor the leaders of allied countries on a large scale.
According to the French newspaper Le Monde, the United States has stolen data from at least 62.5 million mobile phones in France through “dirty boxes”.