Curiosity and trust prove to be our downfall online.
In an era of record-setting numbers of data breaches, hacking events, and compromised consumer records, it’s easy to blame the technology for letting us down. But a new report sheds a little light on the real problem in cybersecurity: human error.
According to a report by Proofpoint, “Over the last year, cyber criminals have continued to increase their use of social engineering rather than automated exploits, scaling up people-centered threats and attacks that rely on human interaction. They have found new ways to exploit ‘the human factor’—the instincts of curiosity and trust that lead well-intentioned people to click, download, install, move funds, and more every day. These threats focused on people and their roles within an organization rather than just computer systems and IT infrastructure.”
What does this mean? It means that someone within the company is still as likely as ever to click on a link in an email that says, “You won’t believe these pictures I found of you online!” At the same time, an employee may be just as likely to fall for an email that appears to originate from the boss, demanding that passwords be divulged, account numbers be changed, or sensitive files be sent over.
Social engineering is much easier to pull off than advanced hacking of a network, especially one that’s supposed to have top-notch security. And in many recent headline-making events, a simple mistake left a door open for hackers to walk right through. The recent rash of databases discovered online due to unsecured Amazon S3 buckets illustrates that point.
So how does a business go about fully securing itself against human error? After all, yet another employee training seminar can only go so far, and enacting stricter protocols like access to files and servers on a “need to know” basis can mean a loss of efficiency and a general feeling of devaluation and mistrust. In order to seal up the cracks and solve the employee problem, businesses have to ensure that everyone knows how to avoid social engineering while still getting their work done.