[BreachExchange] Four surprising threats to your cyber security
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Jun 19 18:52:15 EDT 2018
https://www.talk-business.co.uk/2018/06/12/four-surprising-
threats-to-your-cyber-security/
But even if you are investing in all the right controls, there are a number
of surprising risks that can catch you off-guard. It is important to
recognise that it is not just attack vectors such as malware and social
engineering that can leave your organisation exposed to cyber-attacks. Here
are four threats to your cyber security that might surprise you.
1. Employees being careless
Unfortunately, one of the major risk to a company’s cyber security is still
its employees. One key example of this is the fact that weak or stolen
passwords are the major cause in around 81 per cent of data breaches. When
the majority of data breaches could be prevented by something as simple as
a strong password, it shows that careless employees can be a real problem
for your cyber security.
It is vital, then, to provide employee with cyber awareness training when
staff understand the importance of their actions in preventing attacks it
can help them to keep your business more secure.
2. Alert fatigue
If you have never heard of alert fatigue you might be shocked at the impact
that it can have on your cyber defences. Alert fatigue occurs when an
individual or a team sees a large number of security alerts on a daily
basis – seeing a constant stream of alerts can desensitise them to the
importance of the messages (especially if many of them are false alarms).
It is important that the staff of a business should stay aware of the
dangers of potential incoming cyber-attacks – therefore every threat to the
company’s digital defences should be taken very seriously and investigated
properly. This shows that complacency can be huge risk; if employees are
disregarding alerts because they have seen them so many times, they risk
ignoring the signs of genuine attacks.
3. Ransom demands
In 2017, the British NHS and a number of organisations across Europe
suffered at the hands of the WannaCry ransomware. Whilst this is a fairly
common form of cyber-attack, the thing that is most surprising about it is
just how effective it remains. More than 70 per cent of businesses affected
by a ransomware attack would be willing to pay a ransom to unlock their data
Ransomware works by infecting a computer and encrypting the files on its
hard drive – a message then demands payment in order to decrypt the files.
If a large majority of businesses are willing to pay a ransom, perhaps many
lack the disaster recovery procedures to mitigate the risk of such attacks.
4. Former employees
A surprisingly high number of former employees appear to be willing to
steal data from the company that they used to work for. A recent study
suggested that around 25 per cent of employees will steal data when they
leave a business or organisation. You might assume that you can trust the
people who have worked for you but when there are financial rewards for
stealing data, previously honest employees can be tempted into committing
this sort of crime.
So what can you do to keep your data safe when people leave your company?
Firstly, it is important to implement policies that make it as difficult as
possible for employees to gain access to sensitive data. Restrict access to
data to as few employees as you can – provide workers with access only to
the information they need to do their job.
You should also ensure that you carry out a thorough off-boarding when
employees leave. Ensure that accounts with access to your internal systems
are disabled. Also keep a close eye on employees that are leaving and
monitor their activity on your systems.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180619/6ff9db55/attachment.html>
More information about the BreachExchange
mailing list