The error in the matrix – the employee as a security risk
5 April 2021, published by Jana Greyling
This post on “Employee as a security risk” was published on LinkedIn on 20 January by Raphael Dörr.
That there is always a gap in the system was demonstrated again recently by the hacker attack on the University Hospital of Düsseldorf: cybercriminals took advantage of a vulnerability in the hospital’s IT security to gain access to its data system. This security gap was due to insufficiently secure technology. Yet cybersecurity is by now deeply rooted in the awareness of most companies: firewalls, endpoint security, detection & response, access control and many other methods are part and parcel of the defense arsenal against cybercrime – all methods that are constantly developed and improved, continuously reducing their risk of failing.
Humans as a risk factor
However, the security gap – as current studies show – is now no longer with the technology but with humans. According to the studies, more than 80% of all successful cyber attacks are the result of human error. Who would have thought that the heart of any company – its employees – could at the same time be its biggest security risk?
Most companies have a blind spot in this regard. After all, it’s their own team, whom they can trust. But in most cases, the employees concerned do not intend to give hackers access to the company. Most of the time, security gaps are due to negligence or good faith. The types of attacks by cybercriminals are also becoming increasingly sophisticated. In most cases, however, phishing attacks still follow the same playbook. The most successful classic scams among them are still malware attachments in e-mails or drive-by downloads, tricks from the field of social engineering, and repeated targeted attacks using the so-called boss scam. In particular, many employees, especially those working from home, tend to be more careless in how they handle the company laptop or company mobile phone, since the boundaries between work and private life are blurred.
Key skill: Security awareness
There is, however, a simple way to avoid the errors mentioned: employees can learn through training courses how to recognize recurring attack tactics that target human errors, and how to act in the right way. That turns security awareness into a key skill in IT security. Only when all members of a company act in an informed and responsible manner can the motto of any managing director be made possible: guarantee security at the company constantly.