One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 5824009 |
| Date de publication | 2022-07-19 10:00:00 (vue: 2022-07-19 10:06:13) |
| Titre | What roles do humans play in cyber breaches |
| Texte | This blog was written by an independent guest blogger. Data is the most valuable asset of any organization, and most employees have access to secure business data. This makes them the first line of defense against combating a cyber-attack. However, hackers target vulnerable employees with insecure devices and sophisticated techniques to access the company's network and compromise valuable data. Human error enables a vast majority of cybersecurity problems. Many employees are already aware of the dangers that their mistakes can pose. A study found that nearly 88% of all data breaches result from employee mistakes. In addition, 60% of cybersecurity professionals accepted that their staff is the weakest link in IT security. It is high time for organizations and employees to take measures to reduce the attack surface and ensure a robust cybersecurity culture. Why humans are the weakest link in any organization? The cybersecurity threat landscape is becoming complex and threatening even with practicing strict cybersecurity regulations and using emerging technologies. Against this growing threat landscape, 57% of businesses assume that their IT security team might become compromised, and the most significant threat against the cyber-attacks is their employees. Humans are the weakest link in any business organization and continue to drive data breaches. The Verizon Data Breach Incident Report 2022 finds that 82% of cyber breaches involved the human element. By human element, it is meant that a breach can occur because of clicking on a link in a phishing email, reusing the same old passwords, or using the internet without hiding their IP. For example, a notable venture capital firm, Sequoia Capital, got hacked in February 2021. The hacking incident occurred because employees fell victim to a phishing attack that exposed its investors' personal and financial information to third parties. Besides this, there are a few other reasons that make employees vulnerable: Inadequate software security Employees tend to be careless when they perform the same task regularly. It turns their work into something that focuses more on efficiency than carefulness. As a result, they start neglecting to follow proper security procedures and practices and often compromise the cybersecurity of the entire organization. They even neglect updates because they consume more time or the pop-ups are inconvenient, leaving software vulnerable to cyber-attacks. Moreover, some employees continue to use legacy software with known vulnerabilities. They typically use such software because they’re used to it - not because it has exclusive features. In addition, employees sometimes disable security update options because they think it hinders their work. Such actions compromise the entire security of the organization. Low security awareness Hackers easily install malware, spyware, or ransomware through vulnerable or careless employees. Most employees have low security awareness about the evolving cyber threats and attacks that expose them to malicious actors to access the company's data. Employees even use or download unauthor |
| Notes | |
| Envoyé | Oui |
| Condensat | 2021 2022 about accepted access accessed accounts actions activities activity actors addition addressed addressing admins against alerts all already also always amount antivirus any apart approach are around asking asset assistance associated assume attack attacks automate automating avoid aware awareness bear because become becoming before behind besides best blocks blog blogger breach breaches business businesses can capital carefulness careless cause caused chances changing clear clicking cloud combating commit common communication company complex compromise compromised confused consequences consume contain continue control crack create critical crucial culture cyber cybersecurity daily damage dangers data day decisions defense delete department detect devices disable discussed doing don download drive each easily educate effective efficiency efforts element eliminate email emailing emails emerging employee employees enable enables encourage encrypts engage engaged engineering enhance ensure ensuring entering entire error errors errors: essential even ever every evolving example exclusive expose exposed extremely features february fell files final financial finds firm first focus focuses follow found frequently from fundamental furthermore gateway generates gets got growing guest hacked hackers hacking handling hard harm has have having help here hiding high hinders holistic how however human humans implementing important improve improving inadequate incident include: inconvenient incorrect increasing independent information insecure insider install instances internet invade invest investors involved items its know knowledge known lack landscape leads leak leaks leaving legacy like line link loss low maintaining majority make makes malicious malware managers many massive may meant measures might minimizes misconfigure mishandling mistake mistakes mitigation monitor monitoring more moreover most must nearly need needs neglect neglecting network new not notable occur occurred often old online only opportunities opportunity options organization organizational organizations other others parties password passwords perform performing person personal phishing play policies pop pose posters posture practices practicing prevent prioritizing problems procedures productive professionals prone proper properly protecting purpose: push ransomware realizing reason reasons recipient reduce reduced reduces reducing regularly regulations related remember reminders report reputational responsible result resulting reusing reveals risk risks robust roles routine safe same save scale secure security send sending sensitive sequoia serve sharing significant signs simple social software some something sometimes sophisticated space specific spyware staff start strategy strengthen strict strong study such surface system take target task tasks team techniques technologies tend than them these they’re think third those though thoughts threat threatening threats through time tips tools topics traffic train training trust turns typically unauthorized update updates ups use used useful users using valuable various vast venture verizon victim viruses vpn vulnerabilities vulnerable vulnerable: way ways weakest what when which who why wide will without work written wrong your zero |
| Tags | Data Breach Malware Threat Guideline |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.