Misco Newsroom
27.09.2017 by Misco
Dogged by threats from all sides, it’s not difficult to understand why IT has become the frontline in a new and rapidly changing online battleground. Perhaps more concerning for those at the coalface, however, is that, like many security teams, they’re probably more focused on dealing with IT complexities, and so are taking their eye off hackers.
The exploding complexity of digital businesses, says Dave Palmer, director of technology at Darktrace, is creating unique situations that have become a nightmare for many ‘human-led’ enterprise security approaches.
Speaking at Computing's Cloud and Security Summit, Palmer urged a rethink of enterprise security, with defensive teams beginning to get outpaced and battling internal complexities ‘rather than external attackers’.
"Attackers have lots of places to hit, and people still want the latest technology and the opportunities that go with it; there's also lots of inertia and a long tail of old stuff to manage too," he said.
Other research suggests that, alongside battling those internal IT complexities, firms may well need to look more closely at their own employees when it comes to security threats within the enterprise.
Data from Vanson Bourne and Clearswift, which took in responses from 600 senior business decision makers and 1,200 employees from around the world – particularly focusing on businesses in the UK, US, Germany, and Australia – found that 74% of cyber incidents originated from within firms. Indeed, 42% of threats, whether inadvertent or malicious, were found to come from employees alone, rather than from hackers who might be attempting to breach firewalls and defences.
The report also found that attacks from parties unknown to organisations had dropped by 7% since 2015 to 26%, which is in some ways surprising given the recent spate of high-profile attacks, such as WannaCry, which affected nearly a quarter of a million computers.
Even so – and despite a fall in outside attacks – 29% of businesses in the UK are now bringing cybersecurity onto their boardroom agenda.
This makes perfect sense when considering the results of other reports on the subject. Interestingly, findings from a Lastline poll of more than 130 attendees of the recent 2017 Black Hat security conference in Las Vegas revealed that 84% of respondents whose company has suffered a cyber attack attribute it, at least in part, to human error. So once again, employees prove to be the weakest link.
So, what can be done to reduce the internal risk posed by staff? And is there a quick fix when it comes to human error?
With the GDPR on the horizon, says Guy Bunker, SVP Products at Clearswift, individual departments within a business will need to recognise the potential security dangers associated with the data they use.
“Businesses may fall victim to the frenzy around high-profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home,” he explained. “The blurring lines between personal and work-based technologies have led to an unabated rise in the insider threat.”
To combat this, enterprises must educate employees on the best way to safeguard critical information, as well as motivate them to care more about the ramifications of a breach, says Bunker.
“A reactive policy of blocking technologies may prove futile as users will inevitably find a work-around,” he added. “Being a responsible data citizen will also require organisations to look at the way in which partners or suppliers hold and share information, as breaches within the extended enterprise could also lead to heavy fines for the originating business.”