According to cybereducation company Cybint, human error is the cause of about 95% of cybersecurity breaches and this vulnerability is costing companies billions of dollars. In this article, we discuss the value of understanding the mechanism of cybersecurity; how war and COVID-19 have intensified the cybersecurity landscape; and how employees can help protect businesses against cybercriminals and cyberattacks.

Human intelligence and greed have brought the world to the forefront of cyber warfare. Countries fight to save their place in the world, and protection against cyberattacks has become a key element in preserving their integrity, substance and sanctity on this cyber battleground.

Although you are probably aware of the Russian-Ukrainian conflict, you may not realize how much of an impact this war has had on cybersecurity around the world. Many countries and companies have been caught in the crossfire and have become victims of the ongoing conflict. According to a study published in 2022 by the Center for Strategic and International Studies, several cyberattacks that targeted Ukraine also disrupted services in America and Italy. This includes multiple private and public sector DDoS attacks targeting the personal accounts of government officials, media organizations, energy facilities, post offices, and more. For example, according to the study, the American company Viasat was attacked, which disrupted Internet services in Europe, including Ukrainian military communications at the start of the Russian invasion. The attackers hacked into satellite modems belonging to thousands of Europeans to disrupt the company’s service.

The same study reported that one of the attacks that caused two of the country’s largest banks to go offline was the result of an information attack where Ukrainian citizens received spam text messages claiming that ATMs weren’t working. It is important to note that the hackers used ordinary citizens as a way to infiltrate the network of banks.

With the majority of the workforce working remotely, COVID-19 has proven to be a golden opportunity for cybercriminals. From a cybersecurity perspective, working from home is not as safe as working in an office due to a lack of protective measures. Even if you install anti-malware software and firewalls, criminals will have an easier time getting through than if you were in an office environment monitored by IT personnel. Also, not all companies provide a virtual private network (VPN) to their employees. VPNs provide a secure, encrypted environment that users can enter and work in and restrict unauthorized parties, such as cyber attackers. Many people work in a cloud-based workspace that is not tunneled through a VPN. Additionally, people have been victimized by fake and malicious coronavirus news websites. As the International Criminal Police Organization (Interpol) reported in April 2020, there has been an increase in domains registered with the keywords COVID or corona, to take advantage of the growing number of people seeking information about COVID-19.

When employees don’t understand their role in protecting the cyber environment, it puts the entire company at risk. While humans are the weakest link, they are also the strongest firewall that can protect against cyberattacks. Jen Easterly, US director of the Cybersecurity and Infrastructure Security Agency, said earlier this year in an interview with CNBC that cybersecurity is not a technology issue; it’s about people and human behavior. This is a persistent problem and so we need to focus on how we can protect ourselves. Employee social behavior is key to protecting against cybersecurity threats. According to a 2021 paper from Columbia Southern University, an important concept when learning behavioral analytics in cybersecurity is understanding both how individuals create risk for organizations and how to mitigate that risk. It starts with understanding that hackers will always seek the easiest path possible through a network, which often goes through employees and other people.

When we think that all of our cybersecurity bases are covered, that’s when we fall victim to vulnerability. Humans are constantly being manipulated and attackers are constantly evolving. Therefore, educating the human workforce on how to protect against malicious attacks is the most important route to protecting your business. It is essential for companies to train and educate employees. The scale may be small for a small business, but even the smallest organizations need to perform regular and timely cybersecurity risk assessments.

The rules to follow when training employees are simple and even include minor precautions, such as:

Maintain presence of mind.

Exercise caution in dealing with e-mails.

Be careful when browsing the web.

Avoid illegitimate websites.

Make sure you don’t transmit sensitive information when talking to other people.

Respect the cyber rules that exist within your organization.

Limitation of access to sensitive data.

Management should also be trained and educated on:

What and how the IT department (whether external or internal) manages the cyber environment and the associated risks; And

Topics such as securing access points and networks; how web and email filters work; how patching works; and whether it has been properly implemented.

Finally, it is important to understand that as technology becomes more sophisticated, so do the mechanisms of infiltration. For example, a virus would be a mechanism. Therefore, organizations must not only limit the use of traditional cybersecurity tools, but must also implement the latest solutions with artificial intelligence and machine learning capabilities. Understanding the facets of cybersecurity may seem esoteric, but it’s simple and only requires awareness and collective effort. This can save billions, even billions of dollars. Let’s not make it a vain hope.

Sources