Cybersecurity has a behavioural problem

October is Cybersecurity Awareness Month, which helps to make cybersecurity a priority for individuals and businesses. Everyone has a part to play in protecting their information by securing their systems and devices, and a big part of that is nailing the basics: create strong passwords, use multi-factor authentication, back up your data and keep your software up to date.

But it’s not just about the tools you use to protect yourself. These days we are always on and connected, which means multiple opportunities for you and your data to be at risk. Much of this risk is created by human behaviour that is not deliberate but simply a result of the way people work. For businesses it is important to have systems in place that help to reduce this risk upfront and to handle breaches quickly and effectively if they do happen. Understanding human behaviour is an important first step to getting your security protocols right.

Spot weakness in your inbox

According to our cybersecurity partner, Tessian, 90% of data breaches start with email. Email is the open gateway to your business. It’s the most commonly used channel for targeted attacks and phishing, and a major outbound route for sensitive data. The root cause of all of these threats is human error. Employees break the rules, make mistakes and can easily be hacked. *1

Secure Email Gateways and legacy email security controls rely on rule-based methods of threat detection and are unable to prevent security threats caused by people. Attackers evolve their techniques, email networks are dynamic in nature, and human behaviour is inconsistent and unpredictable, meaning rules are out of date as soon as they are created and signature-based approaches are completely ineffective. To prevent today’s advanced email security threats, your security controls must be able to continually analyse, adapt and evolve based on an understanding of normal and unusual human behaviour.

Password psychology

A recent psychology of passwords survey revealed that 53% of people haven’t changed their passwords in the past 12 months and 43% felt it was more important to have a password that was easy to remember than one that was very secure. *2

The survey also revealed that people know the right action to take but their behaviour demonstrates the opposite: they are not using that information to protect themselves from cyber attacks. It seems that the risk is being underestimated, with 71% of the respondents not realising that they had double the number of online accounts they thought they had. 42% didn’t even believe that their data was important enough to be worth stealing!

Password reuse seems to be the biggest issue, because individuals want to create passwords that are easy to remember and it is straightforward to reset a password through websites. The knock-on effect is that these passwords are also not strong enough or can be predictable to others.

The rise of biometrics is helping to create an additional layer of security through Multi-Factor Authentication (MFA), and users do feel more secure using a fingerprint or facial recognition, but it should be used on top of an already strong and unique password.

Password behaviour is an even more significant risk for businesses than for individuals: people take less care with work accounts than with personal accounts because they feel that businesses should have that extra level of security, not realising the important role they play in their workplace’s cybersecurity.

Alert fatigue

Another problem with cyber security is that we can’t have eyes everywhere or be on constant alert for attack. We have blind spots in our systems, we don’t always react in the right way, or we miss things. Our new remote working world is also making businesses more vulnerable. According to a survey undertaken by another of our security partners, Arctic Wolf, over two-thirds of UK business leaders believe their company is more vulnerable to cyberattacks because their employees are working remotely. Embracing a risky working arrangement underlines that business leaders need to accept that dealing with cybersecurity challenges is a fact of life. Yet, despite the cybersecurity fears many UK businesses face, the survey also found that protection and workforce knowledge are not being prioritised. *3

The solution lies in creating people- and process-driven security operations, using machine-driven learning, which ensure that tools work effectively, detect vulnerabilities and threats, and deliver faster response times.

If any of this rings true for your business, then please join us on Wednesday 3 November to listen to our partners and find out how to reduce the risk for your business. Click here to book your place.

*Sources:
1 Tessian
2 LastPass Psychology of Passwords: The online behaviour that’s putting you at risk – 2020 survey
3 Arctic Wolf Survey: Majority of UK Businesses Believe Remote Work is Making Them More Susceptible to Cyberattacks