A recent IBM and Ponemon report highlighted that data breaches now cost, on average, £3.18m. With such a high price tag attached to a breach, organisations need to strengthen their defences, starting with their employees.
The proliferation of smart and Internet of Things (IoT) devices in modern offices has given hackers more opportunities to penetrate networks across a wider range of attack vectors.
However, for organisations looking to better defend themselves, a combined human and technology-driven approach is essential.
Organisations can fight back with human firewalls and technologies, including artificial intelligence (AI) and machine learning, creating a unified defence against attacks.
The numbers problem
Protecting a few people and a few devices from threats would be one thing, but that is not the reality of today’s landscape.
Instead, day by day the number of internet-connected devices (smartphones, laptops, tablets, TVs and so on) grows. Gartner predicts that by 2020 there will be more than 20 billion such devices worldwide.
Laptops, tablets and smartphones often have multiple uses as their portability and connectivity enable deployment in both personal and professional settings.
Smartphones in particular are often used in both settings: people have their work emails on their personal phones, messaging apps on their work phones, or one phone that is expected to serve both purposes. It is easy to see how this fluidity complicates security and increases the risk of human error. The most common attacks are phishing scams, which are the root cause of more than 90% of breaches.
Building the defence
Training employees to form a human firewall should become central to organisations’ cybersecurity training protocol.
Cybersecurity within organisations applies to everyone, and all are equally at risk. Therefore training needs to be comprehensive across the organisation, covering entry-level employees all the way to the C-suite.
While it may seem easier to run a company-wide seminar or send around a webinar for everyone to listen to, it is often much more effective to teach people using humour and practical lessons. This is important for a subject such as cybersecurity where the content is often very technical and can be difficult to digest.
A common tactic employed by organisations is for the corporate IT department to send a simulated phishing email to all employees. This email should be structured in the typical manner of these scams, for example offering a tax refund or free holiday. The simulated email will allow the IT department to track who opens the email and how far through the process they go.
They should then follow up with an email to the whole organisation explaining that the message was a simulated test and giving an overview of the results (for example, “5% of the C-suite inputted their personal details”), together with a short explanation of why these tests are important.
The IT department should follow up individually with those who failed the test to give them more detailed feedback. These tests can be varied and carried out periodically to ensure that employees recognise all the potential warning signs. Training employees in this manner is a light-hearted but clear and effective tool as part of a wider cybersecurity awareness programme.
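As an added illustration of the tracking and follow-up steps described above (example code, not from the original article), this script takes a constructed log of simulated-campaign events, works out how far each department got through the phishing funnel, builds the per-department summary lines for the all-hands email and lists who needs individual feedback. The event tuples, user names, department names and stage names are assumptions.

```python
from collections import Counter, defaultdict

# Campaign stages in progression order; "submitted" means details were entered on the fake page.
STAGES = ["delivered", "opened", "clicked", "submitted"]

# Constructed tracking events (user, department, stage), not real data; logging order may vary.
SAMPLE_EVENTS = [
    ("ceo", "C-suite", "delivered"), ("ceo", "C-suite", "opened"),
    ("ceo", "C-suite", "clicked"), ("ceo", "C-suite", "submitted"),
    ("cfo", "C-suite", "delivered"), ("cfo", "C-suite", "opened"),
    ("cto", "C-suite", "delivered"),
    ("coo", "C-suite", "clicked"), ("coo", "C-suite", "delivered"),
    ("alice", "Engineering", "delivered"), ("alice", "Engineering", "opened"),
    ("bob", "Engineering", "delivered"),
    ("carol", "Engineering", "opened"), ("carol", "Engineering", "submitted"),
    ("dan", "Sales", "delivered"), ("dan", "Sales", "clicked"),
    ("eve", "Sales", "delivered"),
]

def furthest_stage(events):
    """Map each user to (department, index of the furthest stage reached)."""
    progress = {}
    for user, dept, stage in events:
        idx = STAGES.index(stage)
        if user not in progress or idx > progress[user][1]:
            progress[user] = (dept, idx)
    return progress

def funnel_by_department(events):
    """Percentage of each department's recipients who reached at least each stage."""
    progress = furthest_stage(events)
    totals = Counter(dept for dept, _ in progress.values())
    reached = defaultdict(Counter)
    for dept, idx in progress.values():
        for stage in STAGES[: idx + 1]:  # reaching a stage implies all earlier ones
            reached[dept][stage] += 1
    return {dept: {s: round(100 * reached[dept][s] / n, 1) for s in STAGES}
            for dept, n in totals.items()}

def needs_followup(events, stage="clicked"):
    """Users who got at least as far as `stage` and should receive individual feedback."""
    threshold = STAGES.index(stage)
    return sorted(u for u, (_, idx) in furthest_stage(events).items() if idx >= threshold)

def summary_lines(events):
    """One line per department, in the wording used for the all-hands follow-up email."""
    return [f"{stats['submitted']}% of the {dept} inputted their personal details"
            for dept, stats in sorted(funnel_by_department(events).items())]
```

Calling `summary_lines(SAMPLE_EVENTS)` and `needs_followup(SAMPLE_EVENTS)` on the constructed data yields the email lines and the follow-up list respectively.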
A human firewall will form as employees learn to recognise the signs and automatically report suspicious emails to the IT department, making it much harder for hackers to break through. As previously mentioned, creating a human firewall is most effective when human efforts combine with technology. So, how can technologies help?
The advancement of technology is largely the root of these security issues, but technology can also be the solution.
Simulated phishing emails allow IT departments to track employees’ responses to that particular email, but machine learning and AI algorithms can study network traffic patterns and the subject lines and body text of multiple emails.