In a lot of organizations, the focus on cybersecurity has always been on building secure infrastructure and while the idea good in theory, it may not necessarily keep all your data safe. You need to consider the impact of a good working relationship and the understanding of how people think.
Based on the analysis of data from the UK Information Commissioner’s Office (ICO), human error was the cause of approximately 90 percent of data breaches in 2019. This goes to show that no matter how formidable your defences seem to be, no matter how strong your walls are, or how deep you think your moat is, you still need to cover your bases when it comes to your employees.
Your employees and affiliates are the most effective backdoor into your networks, no matter how secure they seem to be. They are the leading cause of data leaks and, ultimately, the biggest threat to your infrastructure.
To address this threat, you require something more than mitigation tools and techniques, more than security systems. The relationship between your employees is of utmost importance, especially in the new normal, where a lot of them may be working from home.
What your employees go through, how they handle their private affairs, and more importantly, how your attackers think, are areas you must understand. Once you have a good grasp of all these, you’ll be in a good position to know exactly what needs to be done to proactively address and mitigate potential data breaches that can lead to cyberattacks.
You need to understand that your employees may not be as security-conscious as you may desire, they may tend to be more conscious of efficiency in carrying out their tasks and less interested in whether they are ultimately putting corporate data at risk. When this is the situation, they may have the notion that security is an IT problem rather than something they necessarily need to care about.
What this indicates is that a good working relationship does not exist. Your employees may need guidance to understand how they contribute to the overall cybersecurity of the organization.
This is the reason that Marc van Zadelhoff concluded that,
“The role that insiders play in the vulnerability of all sizes of corporations is massive and growing.”
When you understand how your employees think, reason, act, and why they need to do so, you are only a few steps away from having a secure organization.
To achieve this, you need to consider the following:
When you thoroughly study your employees, it becomes easier to understand why they do certain things and when. You will also see where they need guidance and their general attitude to cybersecurity should change.
The most common motive for attacking your organization is to make money, although, this is not the situation all the time.
A cybercriminal that targets your business to make money may be out for identity theft. On the other hand, you may also be targeted for your proprietary data, such as product blueprints or customer lists.
You may be a victim of a criminal organization that’s trying to sell the data to the highest bidder, or try to blackmail your organization by locking down the data with ransomware.
If this is the motivation, you can guard against it relatively easier. You can find out what data your rogue employee has accessed, what the monetary value is to your organization, and then decide if it’s worth the demand.
A disgruntled IT professional, a laid-off worker who wants to get back at the organization, or a third-party vendor whose contract has been terminated, can be a source of data leaks. Any of these can turn that anger against your organization and cause damage.
When you observe signs that things are going wrong with your employees or affiliates, a possible solution is counselling. This will ensure that they regain trust, passion, and communication with the organization.
You will be able to discover when employees decide to be ordinarily malicious and then take necessary actions to prevent them from causing damage.
To Change Your Stance
If you have not been treating your employees well, you can be targeted by politically or socially motivated ‘hacktivists.’ They are criminals, but they only want to wrest a change out of you.
One of your employees may belong to this group and will capitalize on their reach and prowess to release damaging information about your organization. As an insider who has been privy to certain vital documents, this is relatively easy.
This may turn out to be the type of attack that will hurt you the most, these people don’t want your money, they only want to break you and bring you to your knees. They are only satisfied when you have agreed to their demands.
Good cybersecurity should not be seen as infrastructural and technology-based issues alone. You must endeavour to understand both your employees and the people targeting you.
Your best bet is to apply a psychological approach to ensure that your employees, systems, and data are safe from those who may want to harm you.
I hope you found this article helpful. Let me know what you think in the comments!