You know things are getting real when the FBI and Secret Service get involved. When it comes to protecting your organization, traditional, siloed security no longer holds a candle to today’s persistent cybercriminals, who still slip through the cracks, sometimes without organizations’ knowledge. We saw this in last week’s Searchlight, where one major technology firm’s intellectual property was being stolen right under its nose.
As Bruce Schneier, CTO at incident response startup Co3 Systems, told the audience at a recent security conference in Boston, “Fundamentally, attacks are by people and response is by people.” Indeed, according to Dell Security’s infographic, “The Human Side of IT Security,” more than two-thirds of data breaches are associated with humans. Strategic, targeted attacks can only be intercepted, taken apart and thoroughly analyzed by humans equipped with the necessary tools and expertise.
For small businesses, which don’t necessarily have large security budgets, hiring a dedicated security executive might be a challenge. However, there are other ways to fine-tune your SMB’s security culture to take into account not just security tools and processes, but also people. “If you can’t remove the people from the loop, make them more effective,” Schneier said.
Dell’s infographic offers the following tips for tackling vulnerabilities:
Phishing. This type of email fraud makes up 91% of targeted attacks. Because spear-phishing targets unsuspecting employees, IT should constantly educate end users, test their knowledge of security best practices and have a clear, responsive reporting protocol in place — and make sure employees are aware of it.
Infected websites. Sixty-four percent of users admitted to visiting non-work websites every day. Dell advises employees to be cautious about where they click and to apply security patches as soon as they’re available.
Weak passwords. Often the Achilles heel of security processes, easy-to-hack passwords account for 76% of network attacks, according to Dell. IT must enforce airtight password policies, including two-factor authentication and single sign-on, urge end users to create and memorize strong passwords, and discourage them from sharing those passwords with others.
Security culture. “IT security technologies are only as effective as the people who use them,” Dell says. Fifty percent of organizations with a security awareness program were less likely to suffer an employee-related breach. The infographic advises organizations to hire a chief information security officer; for smaller businesses, perhaps appointing an executive to sponsor security would be more feasible. IT should also encourage a strong security culture by regularly administering security training and compliance programs.