As companies adopt digital technologies and move to cloud systems, risks of cyber-attacks have grown exponentially. Companies have to be well equipped to tackle such attacks, which can prove very costly and at times fatal to the business. An array of cybersecurity technologies coupled with well-informed employees can help a company in decreasing cybersecurity risks, considerably.

Companies scout for the most advanced technological solutions to combat and prevent cyberattacks and invest millions of dollars in deploying software and hardware solutions as well as in framing and implementing cybersecurity policies. But, all of this could go in vain if there is not enough awareness around cybersecurity best practices amongst company employees and partners.

Cybersecurity awareness and training should not be restricted to the IT personnel but should be extended to everyone within the organisation, as every employee working with the company and connected to the internet is vulnerable to the cyber threats.

An annual report by cyber security company RiskIQ has found that $2.9 million were lost to cybercrime every minute on internet in 2018¹.

Insiders could be harmful

Despite the implementation of security solutions, the number of cybersecurity breaches is growing significantly and with them is the cost of breaches. An attack not only compromises the company’s data but also affects its day-to-day operations, reputation and stock value. Financial damages come from the ransom demanded by the hackers, disruption in operations as well as lawsuits that are being filed against the company for its inadequacy in protecting the information, if employee or customer data is being compromised.

Organisations are increasingly reinforcing their cybersecurity defences to stay protected against cyber threats but a company’s cybersecurity is only as strong as its weakest employee, as a significant number of cyberattacks are caused by insiders, either deliberately or out of negligence.

In a survey by Shred-it and Ipsos, 31% of small business owners and 47% of C-suite executives revealed human error or accidental loss by an employee/insider as the cause of the cyber breach².

One of the most notorious examples in this reference is the Equifax data breach, which compromised the data of about 146 million Americans and is said to have been caused by a single employee’s negligent behaviour. This employee from the company’s technology department ignored security warnings and failed to ensure software fixes which ultimately led to the data breach. Well, the company had to bear a cost of $1.4 billion plus legal fees for the data breach. Costly!

It’s not always unintentional

Several times companies have some employees with malicious intent, who launch or help launch a data breach.

One such case was that of Anthony Levandowski, ex-Lead Engineer of Google’s self-driving car project, Waymo. Levandowski downloaded about 14,000 files from Google’s server, stealing the company’s marketing information, diagrams and drawings related to simulations, radar technology, and Light Identification Detection and Ranging (LIDAR), confidential PDFs, source code snippets and other trade secrets, which he passed on to his new employer Uber. The theft compromised the details of the technologies that were developed for the Waymo project after investing $1.1 billion.

Such cases highlight the ever-present risk of data breach associated will ill-informed and ill-intentioned employees and the damages that such employees could cause.

There is no fool-proof solution to fix the issue but a comprehensive awareness training regimen, encompassing employees across all hierarchical levels could help in reducing the chances of cyberattacks. Equipping employees with knowledge about common forms of cyberattacks and their modus operandi helps in making them more vigil and cautious when working on connected networks, both inside and outside the company premises.

Growing number of sophisticated and severe cyberattacks is prompting companies to update their training programmes from time to time in order to stay relevant to today’s risks and create awareness amongst employees.

Changing business models and expansion of network endpoints due to the growth in the number of offsite employees and freelancers as well as the permission to bring and connect one’s own device/s to the company’s network has also raised security concerns. A well-articulated, comprehensive and updated cybersecurity training programme can help in guiding such employees working onsite or offsite on their own devices to securely access and navigate across company systems and connected apps and websites and refrain from accessing unsafe systems and sites. The training programme also helps in communicating the permissions that the employees in each department and cadre have and guide them in better understanding what information is available to them, what could be shared and what has to be kept confidential.

Data is considered as the most valuable resource today. Companies and consumers have become increasingly protective about their data, which could cause a lot of damage if in wrong hands. Cybersecurity is the biggest threat to global businesses today. With growing sophistication of cyberattacks and no signs of slowdown in their numbers, companies have to take all sorts of precautions to effectively tackle and prevent breaches. Humans play a significant role in this fight and so creating higher awareness and a risk aware culture within the organisations is very crucial.

References:

https://www.infosecurity-magazine.com/news/cybercrime-costs-global-economy/

https://www.helpnetsecurity.com/2019/06/17/human-error-data-breach/

https://www.entrepreneur.com/article/340838