As technology continues to evolve at quickening rates, our cyber security solutions need to keep up. Whilst they are growing more advanced every day, Scott Wilson, Business Support Manager at Highlander, explains here why human error is still the biggest risk to businesses’ cyber security and gives advice on how to mitigate the potential risks.

Cyber risk is heavily mitigated by technology defences such as firewalls, antimalware and intrusion-prevention systems. However, there is still a heavy reliance on human defences that is too often overlooked. After all, making mistakes is part of being human. Unfortunately, when it comes to cybersecurity, being human can prove incredibly costly for businesses…

Scott Wilson, Business Support Manager at Highlander

Human Error
Human error is tricky to address as it encompasses a range of actions, from downloading malware-infected attachments to using a weak password. When you add our increasingly complex modern work environments to the mix, it’s not hard to see why employees consider shortcuts to make life easier.

It’s also important to acknowledge that cybercrime doesn’t need to be technically advanced. Social engineering plays an increasing role in breaches, exploiting the readiness of busy and stressed employees to hand over data to bad actors without a single line of malware needing to be written.

Human Firewall
Businesses need their personnel to be vigilant and while there’s an abundance of technology available to counterbalance human error, it’s not infallible. So, the question is: how good is your human firewall? And more importantly, how do you measure its efficacy?

Enter cyber risk testing and awareness training.
From Microsoft to KnowBe4 and Mimecast, there are plenty of platforms that will convincingly simulate an attack that has breached other defences, to test how much you can rely on your people to identify and avoid cyber criminality. The user population can then be scored to reveal where the most vulnerable personnel are and who to target with training to shore up your human defences.

For all employees, continuous training injects cyber threat vigilance into daily routines. Understanding the latest social engineering techniques, common intrusion tactics and hazardous personal habits makes them savvier as human firewalls. While cyber risk is a dry subject at the best of times, leading vendors such as Mimecast have adopted an engaging, humorous approach to their training videos, helping ensure messages hit home in a memorable way.

Aside from the obvious benefits of cyber risk training, there are other factors which could (and should) encourage you to focus more heavily on your human defences.

Cyber risk insurance
Businesses are increasingly considering cyber risk insurance, and insurers such as Hiscox are making a lot of noise about their cover, given the rising frequency of attacks. However, cyber insurers will penalise (or even worse, refuse to insure) businesses that can’t demonstrate they have taken care of this vulnerability.

Cyber accreditations
More businesses are seeking to achieve cyber accreditations such as Cyber Essentials to demonstrate their cybersecurity commitment to customers and suppliers. Cyber Essentials is a government-accredited scheme, the advanced version of which demands that human risk is adequately accounted for and regularly tested.

Cost of protection
Human error is one of the biggest risks threatening businesses today, contributing towards an estimated 95% of cybersecurity breaches according to the recent IBM Cyber Security Intelligence Index Report. However, by comparison, taking care of human risk is proportionately better value for money than investment in many other cyber technologies, and makes most fiscal sense as part of a cyber risk strategy.

Building a pervasive culture of cyber readiness expands organisational resilience manyfold. Get in touch with the experts at Highlander to discuss shoring up your human firewall and formally recognising your efforts to combat cyber threats.
