To err is human: factoring people into the cybersecurity equation

The COVID pandemic will go down in history as a game-changer for our society on many levels, particularly in terms of how we work. In 2020, 88% of organizations worldwide made it mandatory or encouraged their employees to work from home^[1]. One of the longest-lasting consequences of lockdown is likely to be the normalization of remote working and the technological developments it necessitated and accelerated.

Generalized remote working has created significant challenges for companies. Staff working remotely often use their own Internet of Things (IoT) technologies such as connected devices, and home WiFi internet connections to continue to perform their tasks. In this context, employee ignorance of security protocols, the use of unprotected personal devices, and the carelessness that can issue from the informality of working at one’s kitchen table have caused the cybersecurity landscape to shift. Cybercriminals have adapted, and new threats have emerged.

Now companies continue to face these issues as they adapt to what looks set to become the new normal – a hybrid model in which employees share their time between the office and working from home. With this and the recent uptick in cybercrime in mind, 91% of organizations have increased their cybersecurity budgets in 2021^[2].

2021’s top 5 threats

This year, companies are facing five main cybersecurity threats: ransomware, deepfakes, IoT attacks, distributed denial of service (DDoS) attacks, and insider threats. Apart from their growing frequency, what all these phenomena have in common is the role people play in creating or aggravating them and the power that knowledge and training can have to mitigate them.

Large-scale ransomware attacks, for example, often begin with simple phishing scams, which rely on a person’s complacency or lack of knowledge to open the door to cybercriminals. Deepfakes use deep learning algorithms to manipulate images, videos, or audio files to produce very convincing phishing attacks, while IoT and DDoS attacks leverage remote workers’ devices and cloud services, which are often under-protected.

One report found that 30% of data breaches in 2020 involved internal actors^[3], making insider threats one of the biggest risks to business cybersecurity. Usually due to complacency and ignorance rather than malicious intent, all these threats can be reduced with rigorous and regular employee training and thorough security assessments. 

Empowering employees to keep companies secure

Bureau Veritas can help companies reduce the risk of cybersecurity breaches by providing their staff with the knowledge and tools they need to keep their systems safe. Our expert-led cybersecurity training courses range from cloud and mobile app security to hands-on hacking, covering awareness of cyber essentials and aiming to achieve behavioral change.

In addition to promoting technical knowledge and best practices among employees, companies need to take control of their digital security with a 360° approach that ensures an appropriate level of conformity in terms of people, process and technology. Bureau Veritas supports organizations in achieving this with a comprehensive and industry-specific portfolio of cybersecurity assessment services implemented by a global network of leading experts. This suite of services offers businesses a complete picture of the maturity of their organization in terms of information security and cyber resilience.

In today’s workplace, cyber-knowledge is power. Companies can significantly reduce threats by arming themselves and their staff with skills, information and behavioral habits to make them effective, aware and empowered guardians of the (cyber) gate.

Want to know more? Discover our full range of cybersecurity services

SOURCES

[1] https://review42.com/resources/remote-work-statistics/
[2] https://finance.yahoo.com/news/78-lack-confidence-company-cybersecurity-153000182.html?guccounter=2&guce_referrer=aHR0cHM6Ly93d3cubG9nc2lnbi5jb20v&guce_referrer_sig=AQAAAJhbn_zEFqFOa1Y1nAuGYNa4ueh5BT4QzSQUuK0CGtztY2XNjNNYp_BK4LDDHoBac4ysJ-WSJC56Op84jsry0RiDKKbmaR0OE63frbMDUwCn_l-k9J8qTyW_K-jDJr_mVBIA0ab6nx-hQEviQM_1TzTwhRgx6rGmNqfyKtx5Me4F
[3] https://enterprise.verizon.com/resources/executivebriefs/2020-dbir-executive-brief.pdf