Resources

95% of Cybersecurity Issues Traced to Human Error

Written by Robert Hall | Jan 31, 2022 9:41:15 AM

95% of Cybersecurity issues traced to human error according to the 2022 World Economic Forum Global Risks Report.

To get some idea about the scale of the problem, you have to understand the scale of the vulnerabilities. I’d like you to try and think of something in your life which does not have IT involved in its supply chain. Everything is interconnected in our increasingly IT dependant world, so what happens when a flaw becomes apparent?

That is when an equally well organised criminal network springs into life: the ability to weaponize a widespread vulnerability and then distribute this new “tool” very effectively. An example was seen in December 2021 when just a week after the discovery of a critical security flaw in the Log4j logging library (which is used in a massive number of computers running online services), the rate of attempted attacks was running in excess of 100 per minute. To achieve such a speed of process from identifying a weakness through to deploying a weaponized tool shows a very well established structure. If this tale has not got you researching the best auto-patching systems then nothing will!

Hopefully you can now see that the cyberthreat landscape contains an ever increasing number of commercial enterprises which once established, all have to generate income by whatever cyber-nefarious means they can come up with. Outside of golden opportunities such as the Log4j vulnerability where the large game can be successfully hunted, they must prey upon organisations which are less well defended. To do that, the easiest way in is to commit fraud by such means as phishing emails, CEO fraud, man-in-the-middle attacks and credential harvesting; all of which are preventable.

The modern cyber attackers do not limit themselves to simple extortion in ransomware attacks. Once they have your data they can see where your company fits into various supply chains, and this knowledge is used to contact other parties in these chains to get them to contact you to urge you to pay the ransom so that the supply chain does not come to a grinding halt. I’m sure that you can imagine the reputational damage that this would do to your organisation…

As insurance companies all know, you cannot predict an “Act of God”; however, everything else is predictable and quantifiable. Those in charge of organisations of all sizes should look at the current environment and rather than trying to save a relatively small amount of money in the short term, they should allocate sufficient resources to ensuring that they actually have a long term. There are easy precautions to take so why not take them? Insurance companies are increasingly demanding that organisations do exactly that before cover is granted!

To be put in touch with your local Brigantia cybersecurity expert so that you can find out about rapid deployment patching solutions, security training, and other solutions, please email partnersupport@brigantia.com or call 020 3358 0090.