CHATSWORTH, Calif., Oct. 12, 2016 /PRNewswire/ -- According to leading industry and government reports, over 90% of all cyber attacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers.
The most common, easy, and low-cost method used to steal access and other sensitive information from employees and other system users is spear phishing. This is often a fake email asking potential victims to click a URL and fill out a form on a fake website, or to click on attachments and links that download malware onto the users' computing devices, leading to unauthorized access.
"Despite all the attention and resources that cybersecurity is receiving from the media, executive management, and governments, organizations still fail to protect their most valuable assets from hackers because they focus too much on network security while ignoring the employee identity theft and access exploitation risk," says Henry Bagdasarian, the Founder of Identity Management Institute.
Human error doesn't just lead to identity theft and access giveaway in phishing attacks. Other errors by employees and management that facilitate security incidents include hiring criminals due to improper background checks, allowing inactive and orphan accounts with no ownership to exist, creating an excessive number of highly privileged accounts, and sharing passwords.
"The main reason why we ignore the reports which point to human error as the main root cause of data breaches is the belief that only network security can stop hackers in the Internet world. This is not an accurate assessment because as organizations excessively fortify their network security with intrusion detection and prevention technology, data breach incidents continue to rise," continues Mr. Bagdasarian.
Companies are failing to prevent cyber intrusions because they fail to address the weakest link in the information security chain, which is people (employees, contractors, customers, and vendors) who have access to systems.
The best solution against cyber threats is to have a balanced security approach that recognizes network security's strengths as well as its limitations, automates security enforcement as much as possible, and improves identity and access management processes to reduce employee errors and ultimately security breach incidents.
One of the most important components of an effective cybersecurity program is mandatory and frequent training to remind employees about cyber security risks and the consequences of violating security policies, both for the organization and for themselves, including employment termination. Employees should also understand the risks of taking devices containing confidential data out of the secure workspace, where they can be stolen from cars and homes, of disposing of devices and data improperly, and of sending confidential files and messages through unsecured channels or to the wrong recipients.