From Yahoo to TalkTalk, and Wonga to Kmart, wherever you look today data breaches dominate the headlines. In fact, organisations are urged to assume it’s a case not of “if” but “when” they’re hit, and plan accordingly. The repercussions could be disastrous: a recent Centrify study revealed that on average share prices tumble 5% following a breach, with a third (31%) of customers discontinuing their relationship with the affected firm.
But where do these breaches stem from? Human error has long been pegged as a major contributing factor, so we decided to take a snap poll of attendees at Infosecurity Europe to find out more. They overwhelmingly flagged distraction and boredom (35%) as the main causes of human error in the workplace. The next question is: what can be done to mitigate these risks?
At Infosecurity Europe
In total, we polled over 160 Infosecurity Europe attendees on day two of the show, predominantly cyber security and IT professionals. Aside from the top answer, they pointed to heavy workloads (19%), poor management (11.5%), and a lack of recognition of their data security responsibilities (8.5%) as contributing to human error. Other popular answers included excessive policies and compliance regulations (5%), social media (5%) and password sharing (4%).
What can we gather from this? Employee errors stem from a range of factors, which in turn can play a major part in data breaches. Yes, despite the perception in many people’s minds that breaches emanate from shadowy cybercrime gangs, determined nation state hackers and lawless hacktivists, many come as a result of the insider threat. In fact, 15% of breaches were down to insiders last year, according to the latest Verizon Data Breach Investigations Report.
The Weakest Link
Our snap poll shows we all need to be more aware of what we’re doing at work. Humans remain the weakest link in cyber security, which is why hackers are increasingly targeting employees with phishing attacks. Again, Verizon figures claim that phishing was present in a fifth (21%) of attacks last year, up from just 8% in the previous report.
So how do we mitigate the risks associated with human error? Passwords remain a major problem. They can be phished, cracked or even guessed with increasing ease today, providing hackers with the metaphorical keys to the kingdom: access to the corporate network. Employees also tend to use weak credentials and reuse passwords across multiple sites and apps – making the bad guy's job even easier.
The answer is some form of risk-based multi-factor authentication. It enhances password-based systems by requiring extra information from the user if the log-in attempt is deemed particularly risky.
This way, even if passwords are stolen they cannot be used to access an account, while users are kept happy with a simple-to-use system which doesn’t impede productivity. Major organisations such as Remy Cointreau -- which shared its story on day one of the show -- are benefitting from just this approach, made possible by Centrify.
Our Infosec poll revealed that over half (57%) of respondents believe businesses will eventually trust technology enough to replace employees as a means of avoiding human error. Yet as Centrify has proven at Remy Cointreau and countless other organisations around the world, the technology already exists to mitigate human error and ensure firms can stay safe and productive. We just need to ditch those password-only access systems.