In a previous post, we took a look at the serious problem of insider threats. Accounting for 30 percent of all security breaches, insider threats include well-meaning users who make mistakes or work around security policies and insiders who attack company IT systems out of malice or for personal gain. The most expensive insider attacks involve credential theft, in which outside hackers steal legitimate usernames and passwords to gain access to IT systems.
Cybersecurity
Organizations are right to be concerned about shadowy hacker groups infiltrating their IT systems. According to Verizon’s 2020 Data Breach Investigations Report, 70 percent of security breaches can be traced to malicious external actors. Organized criminal groups were behind 55 percent of breaches, and 86 percent of breaches were financially motivated.
If 2020 has taught us anything, it’s that IT strategies need to stay flexible. Experts had been saying for years that we were overdue for a pandemic, but no one anticipated that we’d need to retool our operations overnight due to lockdowns and social distancing requirements. Many scheduled projects and initiatives had to be put on hold so that IT staff could focus on enabling remote access.
Sadly, it was bound to happen. A woman in Düsseldorf, Germany, has died as a result of a ransomware attack. The 78-year-old victim was to receive critical care at Düsseldorf University Hospital, but the attack had disabled the hospital’s systems. The hospital was forced to reroute her to another facility 19 miles away, delaying her health care by an hour. It is the first known fatality linked to cybercrime.
Many people equate cybersecurity with firewalls, intrusion prevention systems and other tools that are used to protect the IT environment. But technology alone can’t prevent a security breach. On the contrary, people are the most important element in any cybersecurity program.