BLUF
In the ever-growing world of technology, we have seen an increase in complex cyber threats. But for businesses and organizations, the biggest threat is not any outside entity but their own employees. According to CISO Mag, 88 percent of data breaches are due to human error. In this paper I will explain how human error affects a business and how a CISO can mitigate these issues.
The Effects of Human Error on a Business
In a study conducted by Kaspersky Lab and B2B International with over five thousand businesses, 52 percent of the businesses believed that they are at risk from within. During the COVID-19 lockdown, the human factor played a key role in making many businesses worldwide vulnerable. In cybersecurity, human factors are any actions or events that can result in a data breach. These factors can result from lack of awareness, inappropriate access control, or negligence. According to IBM, the average cost of data breaches from human error stands at $3.33 million, an expense that many businesses cannot afford. But one thing businesses must take into consideration is that humans are going to make mistakes, and there is no way to fully resolve these factors. A company can remedy these problems with the help of its CISO, or Chief Information Security Officer.
How to Mitigate the Human Factor
The job of a CISO focuses on developing and leading the information security program of an organization, protecting the organization's assets while enabling and advancing business outcomes. The most important investment a company and its CISO can make in cybersecurity to address the human factor is training their employees, so that employees are able to identify and defend against threats. According to the Kaspersky article, 49 percent of businesses worldwide reported virus and malware attacks in 2017. Of these incidents, 53 percent of the attacks were because of careless/uninformed employees; the other 36 percent was due to phishing/social engineering. More in-depth and direct training can help prevent employees from falling for these threats. This training should cover updating software, good password hygiene, and the ability to recognize many cyber threats. Another great tool is for the CISO to implement and maintain policies that restrict file access. If employees require access to new files or to files they currently have no access to, the CISO can set a time limit on how long they have access to them. Many file management systems offer these privacy settings, making this easily accessible and easy to achieve for many businesses.
Conclusion
During my research for this paper, I found that the biggest threat to many businesses and organizations is within. Even though many of these businesses recognize the issues that the human factor can cause, there is no foolproof way to prevent any incidents. That is why, in the end, comprehensive regulatory training is the most effective way to prevent any human- or employee-caused cyber threat.
References
What Is a CISO? Chief Information Security Officer. (n.d.). Cisco. https://www.cisco.com/c/en/us/products/security/what-is-ciso.html#~ciso-role-explained
Kaspersky. (2017). The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within | Kaspersky official blog. Kaspersky. https://www.kaspersky.com/blog/the-human-factor-in-it-security/
CYDEF. (2021, May 19). The Human Factor: The Hidden Problem of Cybersecurity. CYDEF. https://cydef.ca/blog/the-human-factor-the-hidden-problem-of-cybersecurity/#:~:text=The%20human%20factors%20in%20cybersecurity%20are%20actions%20or