Cyber Breaches: the Human Cost
As an IT Managed Support company, we occasionally have to witness first-hand the harmful impact of cyber-security breaches in businesses and organisations within our own region (the NSW Mid North Coast).
Although we provide advice and technical solutions for protecting IT networks, it can sometimes be the human element which provides the opportunity for hackers to wreak cyber-havoc.
Emails prompting us to verify our account credentials, enticements to benefit from a tax or employment rebate, or even a cure for COVID-19 all might appear to be harmless requests, particularly if we’re rushing to clear our inboxes due to the pressures of the modern workplace. Now, more than ever, the old adage “It’s too good to be true” is still painfully relevant.
Unfortunately, a staff member responding to a request to verify their identity could end up resulting in enormous data loss. Once confirmed, various hidden components can be embedded into your organisation’s network to just sit and wait, quietly gathering data for weeks (or even months) before triggering a more aggressive financial scam (phishing). While firewalls and other network security measures are highly effective, email users are unfortunately the Achilles heel in the front-line of cyber-security.
You could argue that as technologists we should use technology to prevent people from taking this type of risk, however, we could also say that as humans we all fundamentally take risks in everyday life. In that sense, educating email users so they have a greater awareness of the potential risks is an essential element of an overall strategy in avoiding cyber-security breaches.
If major global organisations (Adobe, Facebook, Microsoft, Westpac to name but a few) can get hacked, we should accept the possibility that at some point any of us could be subjected to a data breach. Once a breach has been detected, it’s the recovery of data, the time and resources it takes to rectify, and also knowing who you should communicate the breach to, which become important.
Following a cyber-security breach, organisations can be under increasing stress in dealing with a disrupted workplace (potentially with no IT systems or telephony), angry customers not able to process transactions, loss of income whilst paying wages, and a huge negative reputational hit. There is also the issue of valuable funds being diverted to unknown entities that are extremely difficult to trace, creating enormous financial uncertainty. Not much fun for anyone given the victim thought they were just getting a tax rebate or verifying their email login details.
In summary, it’s not just a tech issue; it’s a human behaviour issue as well.
We look forward to discussing with you further if you want to educate as well as mitigate risk. We can even offer targeted “phishing simulations”, which help to identify personnel who may be more susceptible to phishing attacks, and as a result, require additional education to assist them in being able to better identify threats.
Please contact us for more information.