Human beings all over the world are unwittingly helping cybercriminals to wreak havoc on data and IT systems. How on earth have we ended up in a position where 99% of cyber-attacks need human intervention to initiate an attack?
With 65% of small to medium sized businesses in the UK falling victim to a cyber-attack, we cannot afford to shrug cybercrime off. Instead, we need to understand why this situation has come about and how to stop the attackers in their tracks.
This is a story about human beings, technology, and where the two dovetail. This is a story where we can have a happy ending.
The Human Touch and Cybersecurity
In days of old, computers were much more highly controlled. To get into a system, the cybercriminal had to work hard to get a virus onto a computer. But even then, human beings were still integral to executing the malicious software code. However, the internet upped the ante by removing natural corporate boundaries. But it wasn’t just the internet that caused the surge of cyber-attacks that we’ve seen ever since. No, it took the alignment of several planets to get us into this untenable position. Moving our corporate applications into the cloud, bringing your own device into work, connecting up vendor ecosystems, and also, human behaviour, all had a role to play. The equation of cybercriminal activity is complex, but one variable stands out – human behaviour.
The human touch in cybersecurity attacks resonates across all of industry. In fact, the human factor in cyber-attacks is at the point where the idea of the hacker in a hoodie breaking into a database is now almost as ‘old skool’ as the idea of a virus on a floppy disk.
The Facts on Human Intervention and Cybersecurity
The Department for Digital, Culture, Media and Sport cybercrime survey for 2019 found that 80% of businesses had suffered a cyber-attack because of phishing. There was some good news from the report: incidents caused by computer misuse dropped from 1.5 million to 1 million in the year to September of 2018. However, this is still a massive number of exposed accounts and IT networks.
Insiders are an integral part of the human element in cybersecurity incidents. Both accidental and malicious employees and associates can cause cybersecurity incidents. The Data Breach Investigations Report (DBIR) for 2019 shows that insider threats account for about 34% of data breaches.
The tools that human beings rely on for work and communications are the perfect conduit for cybercrime. Email is the cybercriminals’ favourite; the perfect tool for delivery of nefarious deeds. Since email began, it has been used to deliver malware or as a springboard into a website that then steals data or infects a computer. Other human tools, like mobile devices, cloud apps, and Internet of Things (IoT) devices, are loved by their owners and cybercriminals alike. Wherever the human touchpoint exists, the cybercriminal will attempt an exploit. Authentication is the perfect point at which the human and the computer interface. Passwords are often the weakest point in any system or network. If you can get at a password, especially if that password is owned by someone with privileged access, you can access email accounts and even databases. Data breaches like the Collection 1, Capital One, and Equifax breaches exposed massive numbers of login credentials, including passwords. These passwords end up on darknet marketplaces and are then used for further attacks. There were 61 billion credential stuffing attempts in 2018 – this is where a previously stolen login credential (like a password) is used to access online accounts.
Identity theft, perhaps the ultimate example of a compromised human-machine interface, is rife. CIFAS recently said that identity theft continued to increase in 2018; it never seems to decrease. And, of course, the end result is both financial and emotional human cost.
Just Say NO! To Cybercrime with Security Awareness Training
As we see humans and machines becoming more intrinsically linked, security awareness becomes even more relevant. Technologies such as virtual and augmented reality make the link between human and machine even closer. These technologies feed off the data we generate: behavioural, gestural, and personal data. Every time we see new technologies enter the business landscape, we see cybercriminals take advantage of those technologies. However, as the statistics show, even with new technology, the bottom line is that human beings remain the key that opens the door to the machine.
Moving the Cybercrime Goalposts Using Security Awareness Training
The place we find ourselves in today with respect to cybersecurity attacks is grim, but we can change the metrics. It can feel like a tsunami of cybercrime at times; it may even feel as if, by ignoring it, it will not touch you or your business. If a human being is needed to execute a cyber-attack, then this means that a human being can stop one too. Together, we, as individuals and as a group, can say no to cybercrime. We just need to know how to say no.
Security awareness training is the “get out of cybercrime free card”. It gives our organization the means to fight back by moving the goalposts. Using security awareness training puts the emphasis on the human, not just the machine. It is about taking that human-computer interface and using awareness to show all those involved how to pull themselves out of the cybercriminal’s nefarious equation.