The Human Factor in Cyber Security

Marcelo Orlandi

In today’s world, everything is interconnected.

This means that your TV is connected to different streaming providers such as Netflix, YouTube, Stan and many others, and that is before counting the many other applications you may have downloaded to have an “all-in-one” experience.

The most common example of this type of experience is a single smart TV connected to the internet, but we forget about other devices that have these capabilities such as baby monitors, ring bells, smart refrigerators, and so on. Yes, it’s easy to forget that they are also connected to the internet.

Baby monitors may be connected to the provider's cloud, ring bells to your mobile phone so you can see who is at the front door while you are away, and smart refrigerators so you can see if you still have milk in the fridge while you are at the supermarket.

All these devices are behind what is called a firewall, a device which sits between the Internet and your house. The same type of device is used in businesses and big organizations.

All this new technology has been created to make our lives easier. And it does, in the sense that it adds convenience to our already busy lives, but it also adds another layer of complexity.

From home to work

While at home, you may have a firewall which has been provided by your current Internet provider. At work, these devices are normally more expensive. Well-known brands are often used in businesses. These big brands such as Cisco, FortiGate, Juniper, and so on come with extra support, maintenance, updates and features which you may not find at home. The purpose of all of this is to keep the bad guys outside the network perimeter.

In addition to that, you may find that businesses have security elements which you don’t have at home, such as web filtering, application control, data loss prevention, and so on. These types of technologies are normally deployed in organizations that can afford this level of security.

Having said that, organizations have a bigger budget than the household does. However, even if you deploy the most expensive firewall, the most expensive Intrusion Detection and Prevention systems, you still have your last level of defence untrained… the human factor.

These are the end users, and this “human factor” is a security factor in both areas, at home and in any business.

Why is the human factor a security problem?

Many companies out there focus on the “devices” factor, on the “one-fits-all” solution, and even then they are compromised. A password for a critical system could be leaked, ransomware could be deployed inside their perimeter, and so on. After the event typically comes the finger-pointing stage, where the questions asked are: what about spending more money on a better firewall? Or more money on a better antivirus? And so on, leaving the human factor out of the equation.

In recent years there has been a significant increase in cyber attacks and attempts to exploit human vulnerabilities using social engineering methodologies. A very common error today, and one that makes many companies vulnerable to cyber attacks, is that they only care about the “tool” during the implementation process. Yet the human factor is a very important element in any cyber security ecosystem.

Work culture

There are many books and other literature about work culture, most of them aiming to study the processes and attitudes of the employees within an organization.

Just to name a few, “The high engagement work culture – Balancing Me and We” by D. Bowles and C. Cooper focuses on how “the way we manage our employees has not kept pace with the changing nature of workplaces, growing competition and the changing attitudes of people at work. This mismatch is not sustainable.” Here’s another good one, “Culture your culture – Innovating Experiences @Work” by Karen Jaw-Madson, who shows that “organizational culture isn’t just a hot topic, it is an untapped asset of potential liability for all businesses”.

You can find plenty of literature about organizational culture and how to approach, understand and change it. However, Cyber Security Awareness is one topic which is normally left out. Let me put this in simple terms: your employees are your last level of defense!

It does not matter how much money you throw at the best firewall in the world, or even your best antivirus. It only takes a simple email going through all your defenses and reaching the end-user mailbox, waiting to be clicked and opened, and suddenly your network is compromised.

How simple and easy is that?

For that reason, the human factor in cyber security is becoming an increasingly important element when designing and implementing cyber security in any company. Your employees do not need a cyber security degree or even a certificate in security; they only need to understand and be aware of current security trends out there and be alert when something out of the normal happens.

There are a number of applications, tools, and services which can help your employees to be more alert, but at the end of the day, the culture will change only if the top executives and management see that as a necessity rather than “an end-user problem”.

Want to know more about helping your end-users understand more about cyber security? Learn about our Security Awareness Training options, to make sure that your last level of defense is strong enough to stave off even the trickiest phishing attacks.