There is a bit of a misconception that an army of masterminds has created computer viruses, malware, spyware, trojans, ransomware and cryptojacking programs that can hack any system, break through any firewall, and generally defeat every kind of IT security there is.
That army is real enough, and so is its goal, but more often than not its members don’t need any mastermind techniques to breach company websites, servers, and databases. In fact, most of the time, they just walk right in through the unlocked front door.
A recent poll by SolarWinds found a disturbing but not surprising trend in cybersecurity incidents over the past 12 months.
Mistakes by internal users – meaning employees – were responsible for 80% of the exposures. That means that for every five cybersecurity problems, four of them are the doing of someone working inside the company. That doesn’t mean that all of them are people letting hackers into the system for personal gain, although that does actually happen sometimes.
Other leading issues are exposures caused by poor network system/application security (36%), external threat actors infiltrating networks and systems (31%), malicious employees stealing assets or IP information (15%), and other incidents taking up 3%.
Breaking Down Internal Mistakes
So what sort of internal mistakes is the survey talking about and how do they occur? The biggest is poor password management, with 45% of tech pros saying it is the most common cause of internal breaches. Using a password manager like Dashlane can cut down on a lot of these mistakes.
These poor management skills include accidental exposure of passwords, accidental deletion, corruption or modification of critical data (40%), along with copying data to nonsecure devices (36%). Not surprisingly, with everyday workers making these kinds of mistakes, an overwhelming majority of tech pros (89%) say they don’t think they can successfully implement or manage cybersecurity tasks with their current skill set.
The People Problem
If a company has a strong antivirus system in place, it’s already taken its first step into a larger world of cybersecurity. But even that is not enough. The users of the Internet and all its components in a company must be in harmony and must work together to bridge gaps and reinforce policy throughout the life cycle of the company.
Imagine that, instead of protecting your data, your system was designed to make sure that none of the bombs kept under the building you worked in went off. In such a case, you wouldn’t just tell people about the bombs and how not to set them off in their first week of orientation, would you?
No, you would drill the procedures into their heads as often as possible and use incentives and the lack thereof to motivate people to perform their duties to a tee.
For most companies, having a data breach is the equivalent of having a bomb go off. The damage runs deep, affects everyone, and is difficult to repair while still going on with business as usual. Making cybersecurity a part of corporate culture is the only way to get people motivated by it.