
How human errors expose mobile security risks


In our increasingly interconnected world, cyberthreats continue to evolve at a rapid rate. This past weekend’s global outage of PC systems created havoc in transport, retail, banking and many other sectors, and was a major wakeup call.

Most companies invest time and money in shoring up their cybersecurity defences by adopting a long list of security measures, anti-virus solutions, and software. IT departments diligently apply operating system patches as soon as they’re available, support employees with virtual private networks, follow Mobile Device Management (MDM) best practices, and employ MTM capabilities. There’s also routine vulnerability scanning and data encryption.

 

Employees are the first line of defence in mobile security

Nevertheless, according to Verizon Business’s 17th-annual Data Breach Investigations Report, published earlier this year, 68% of the breaches analysed were described as having a ‘non-malicious human element’, meaning they involved insider errors or people falling for social engineering schemes. As this figure is consistent with last year’s data, it suggests that human error continues to be a significant risk area.

Accordingly, it comes as little surprise that IBM’s X-Force Threat Intelligence Index 2024 report highlights a 71% year-over-year increase in cyberattacks that use stolen or compromised data. These days, attackers are stealing and selling data rather than using ransomware tactics for extortion. So, despite companies bulking up on cybersecurity measures, it seems that cybercriminals have found that the fastest way to get the data they want is to target organisations through their people.

As we discussed in a previous blog, your employees play a vital role as the first line of defence in cybersecurity, so it’s critical that they’re not the weakest link in your security system. This means it’s essential to support continuous cybersecurity awareness training and reinforce cybersecurity best practices, including the importance of secure communication and the potential risks involved in sharing sensitive information.

 


Investment in cybersecurity education pays dividends

As human error manages to evade even the most stringent security measures, ongoing training and education are vital. This should address specific risks, from recognising phishing emails and social engineering to using strong passwords and avoiding suspicious websites.

To assess what their people have learned from cybersecurity training, some companies are now simulating their own social engineering phishing attacks. Depending on the bites they get, the exercise provides a firsthand view of potential exposure. But make no mistake: this is a test that results in a fail should just one of your employees click on the link.

 

Adherence to zero trust

Regardless of the outcome of a phishing simulation, employing a zero-trust security model on top of continuous cybersecurity education is now a standard measure. Zero trust requires verification of every access request, implementation of multi-factor authentication for sensitive systems, and adherence to the principle of least privilege. With zero trust, no user or device is automatically trusted.

 


If you’re interested in adopting zero trust practices, contact our team to explore enterprise mobility security best practices. For more information on boosting your cybersecurity posture, download our explainer, A CEO's Guide to Mobile Data Security.

Given the potential penalties and reputational damage from a cybersecurity breach, it might be a good time to get imei to perform a security audit of your company’s communication channels and systems to identify any potential vulnerabilities or weaknesses.
