Cybersecurity: people are the weak link in the chain

By Neelesh Kripalani

What if someone tells you that the small fortune you’ve invested in the latest cybersecurity solution might not be protecting you as expected? Yes, despite adopting the most sophisticated cybersecurity tool, a cyberattack is only a “human error” away. The World Economic Forum has found that 95% of cybersecurity incidents are due to human error (source – Global Risks Report).

Human error leading to cybersecurity breaches is an old problem. For years, it has been identified as a major factor in cybersecurity breaches. Here are the most common human errors that lead to cybersecurity breaches:

Weak Password Security: Using simple, common passwords, sharing them, or storing them incorrectly results in weak password security and increases the likelihood of a breach.

Use of unauthorized software: If employees install applications without the knowledge and approval of IT teams, this can lead to an attack and unauthorized access to the organization’s IT infrastructure and applications. Neglecting software updates containing important security patches is another major reason for security breaches. Opening email links or attachments without paying attention to small clues such as incorrect spelling in the domain can lead the recipient and, indirectly, the company to fall victim to a phishing attack.

Ineffective data access management: A rigorous administrator who strictly adheres to an organization-wide access policy is very important. This will ensure security at all access points and prevent malicious imposters from accessing and controlling the organization’s data and systems.

Mishandling of sensitive data: If sensitive data has been sent via email, it can lead to a cyberattack. Using public Wi-Fi without using a VPN and plugging in unsecured devices such as USB drives can also lead to unauthorized access to data and entry into sensitive systems.

Although human error cannot be checked at all times, here is a set of eight best practices that can completely prevent such errors or keep them to minimal levels:

— Implement the “Zero Trust” policy, i.e. verify and monitor every connection.
— Educate employees: conduct periodic cybersecurity trainings to raise awareness.
— Implement two-factor or biometric authentication to increase password security.
— Monitor your employees’ activity with Data Access Monitoring (DAM).
— Ensure regular software updates, which provide new and improved features and security enhancements.
— Limit access to sensitive data with tools such as Privileged Access Management (PAM) and Privileged Identity Management (PIM).
— Use system control and monitoring tools to identify potential cybersecurity incidents, so they can be contained.
— Block USB devices on connection to prevent users from accidentally infecting the system/network with malware.

Conventional wisdom holds that humans are the weakest link in cybersecurity. However, organizations must understand why human errors occur and reduce the likelihood of such errors by using appropriate tools as well as educating employees. Although the risk of human error cannot be completely eliminated, following the aforementioned practices can help significantly reduce its impact.

The author is CTO, Clover Infotech.