Negligence of human resources is one of the biggest gaps in cyber security defense in the face of targeted attacks, according to a recent report from Kaspersky Lab.
A total of 46 percent of information technology security incidents are caused by employees each year, so vulnerabilities in the business must be addressed at various levels, not only through the information technology security department.
"Cyber criminals often use employees as entrances to the company's infrastructure, phishing emails, weak passwords, fake calls from technical services," Kaspersky Lab Security Researcher David Jacoby said in Jakarta on Friday (11/8).
Unfamiliar or careless employees occupy the second position after malicious software in cyber security incidents.
Although malicious software continues to grow and become more sophisticated, Jacoby says, the facts show that human factors pose a greater danger.
While experienced hackers are likely to always use malicious homemade software and high-level techniques to plan attacks, they will most likely start by making use of the easiest entry point, which is human weakness.
"Even ordinary USB deliberately dropped in the office parking lot or near the secretary's desk can endanger the entire network, which can easily be connected to disastrous networks," Jacoby said.
According to the study, as many as 28 percent of attacks targeted at businesses during 2016 use phishing as a form of attack.
For example, a careless accountant can be easily tricked into opening a malicious file disguised as an invoice from one of the company's contractors, disrupting the entire organizational infrastructure, and making the accountant an unintentional accomplice to an attacker.
There is also the best way to protect organizations from cyber-related threats to humans by combining the right tools with the right practice.
A total of 46 percent of information technology security incidents are caused by employees each year, so vulnerabilities in the business must be addressed at various levels, not only through the information technology security department.
"Cyber criminals often use employees as entrances to the company's infrastructure, phishing emails, weak passwords, fake calls from technical services," Kaspersky Lab Security Researcher David Jacoby said in Jakarta on Friday (11/8).
Unfamiliar or careless employees occupy the second position after malicious software in cyber security incidents.
Although malicious software continues to grow and become more sophisticated, Jacoby says, the facts show that human factors pose a greater danger.
While experienced hackers are likely to always use malicious homemade software and high-level techniques to plan attacks, they will most likely start by making use of the easiest entry point, which is human weakness.
"Even ordinary USB deliberately dropped in the office parking lot or near the secretary's desk can endanger the entire network, which can easily be connected to disastrous networks," Jacoby said.
According to the study, as many as 28 percent of attacks targeted at businesses during 2016 use phishing as a form of attack.
For example, a careless accountant can be easily tricked into opening a malicious file disguised as an invoice from one of the company's contractors, disrupting the entire organizational infrastructure, and making the accountant an unintentional accomplice to an attacker.
There is also the best way to protect organizations from cyber-related threats to humans by combining the right tools with the right practice.
No comments:
Post a Comment