vmhosts

Human Factor in Cyber Security

Jul 26, 2024 | News

Cyber Security isn’t all about the latest application or using AI to detect suspicious behaviours. A very real threat is the people sitting at the keyboard.

The term “human factor” in cybersecurity refers to the various ways human behaviour, decisions, and actions can inadvertently compromise security. This covers a range of activities, from falling for phishing scams to mishandling sensitive information, and even deliberate insider threats. The sad truth is that the people involved in everyday work can be the weak link in security.

 

  • Phishing Attacks

    Phishing involves fraudulent attempts to obtain sensitive information, such as passwords or account access, by posing as a trustworthy site. A common attack links to documents which appear to be behind an M365 login page.

    Despite people having heard of it, phishing remains highly effective due to its evolving sophistication and manipulation techniques. Regular awareness campaigns are needed to keep it at the front of staff’s minds.

  • Weak Passwords

    Many users still rely on easily guessable passwords or reuse the same password across multiple sites.

    Weak passwords can be easily cracked by attackers using various methods, such as brute force attacks, leading to unauthorised access to systems and data breaches.

    By leveraging a password manager, staff can be confident in their passwords!

  • Social Engineering

    Social engineering exploits human psychology to trick individuals into divulging confidential information or performing actions that compromise security.

    Techniques include pretexting, baiting, and tailgating, which often circumvent technological defences by manipulating the target.

  • Insider Threats

    Insider threats involve individuals within an organisation who intentionally or unintentionally cause harm through their access to systems and information.

    Insiders have legitimate access, making it difficult to detect malicious activities. Motives can range from financial gain to grievances or coercion by external actors.

    Recently a fake Korean worker was found in a US company which provides security services!

  • Negligence and Lack of Awareness

    Negligence includes failure to follow security protocols, accidental data leakage such as allowing information to be seen over the shoulder, or improper handling of devices and information like a laptop or document left on the bus.

Reducing Human-Related Cyber Risks

The best way to reduce the risk is to ensure the people involved are as educated and aware of the threats as possible. Conduct regular training sessions to educate employees about the latest cyber threats and best practices. Awareness posters help keep the threats front of mind.

Simulated phishing exercises help to test and improve employees’ ability to recognise and respond to phishing attempts.

Encouraging a culture where cybersecurity is a shared responsibility across all levels of the organisation is a great move, along with rewarding proactive behaviour and vigilance in identifying and mitigating potential threats.

Lastly, utilise advanced security solutions, such as AI-driven threat detection and response systems, to complement human efforts as a backstop in case the person fails.

 

While technology plays a critical role in safeguarding our digital world, the human factor remains a significant challenge. By being aware of, understanding and addressing the various ways people can compromise security, organisations can create a more resilient defence strategy. Continuous education, policies, and fostering a security-first culture are essential steps in mitigating the risks associated with the human factor.

Why not speak to VMhosts to see how we can reduce the risk in your business?

👉 Contact Us for professional support and cybersecurity services. Let’s work together to keep your business safe and resilient. 

 
