Agilient Security Consultants Australia

Are Humans the Weakest Link in the Cybersecurity Chain?


Cybersecurity is a concept widely misunderstood by both employees and employers; just decades ago it was little more than a myth to the public. With the growth of the internet age, awareness has slowly emerged and cybersecurity has been brought to the forefront. However, there is a central element of cybersecurity that is sometimes ignored: humans are often the weakest link in the chain. And, as the old proverb goes, you are only as strong as your weakest link.

A 2018 report found that 88% of data breaches in the UK were caused by human error. Indeed, unsuspecting individuals have been targeted by attackers as far back as 1999, when the Melissa virus caused $80 million in damages by infecting Microsoft Word documents. The virus was disguised as a harmless email attachment that wreaked havoc when opened by victims. Another report found that 78% of security professionals believe that the biggest threat to endpoint security is employee negligence in security practices.

Weak or Unprotected?

It is important to realise that employees who fall victim to these attacks are not acting carelessly. These attacks are thoughtful, clever and targeted. Attackers design them, through social engineering, to prey on vulnerabilities, using techniques they know will have a high rate of success. They invoke authority figures and uncertainty to convince employees that they are doing the right thing. Or they design their attacks to look commonplace, so that employees act simply out of habit.

A 2016 study by Agari, a leading cybersecurity company, showed that 60% of enterprises became victims of social engineering attacks in 2016. From these attacks, 65% of employees’ credentials were stolen and 17% of the companies’ financial accounts were breached. Social engineering attacks, the report explains, rely on human interaction and fraudulent behaviour to trick or deceive targeted employees into performing harmful actions. They are the fastest growing security threat for companies today, says Agari.

Dr Markus Jakobsson, Chief Scientist for Agari, explained that they “expect to see a catastrophic growth of these types of attacks in the future, fuelled by both their profitability and the poor extent to which businesses are protecting themselves, unless these organizations begin taking the necessary technology-based countermeasures to prevent these attacks”. This emphasis on technology-based countermeasures echoes the view of other security experts, who believe that technology, rather than humans, is the weakest link in the chain.

For example, Theresa Payton, CEO of Fortalice Solutions and former CIO for the White House, suggests that “the time has come to move beyond the security mantra ‘don’t click on email links or open attachments and we’ll all be safer’”. With this having been said for 15 years and attacks still on the rise, Payton believes it simply doesn’t work to place the blame and responsibility on employees.

Payton recognises that “from a social engineering standpoint, it has never been easier to trick employees…business email compromise is one of the largest unreported crimes after ransomware.” However, she asserts that technology should be designed to secure the human, with technological safety nets put in place to protect targeted employees. This would involve measures such as network segmentation, two-factor authentication and hardware authentication devices such as YubiKeys.

When Technology Fails

However, there remains a strong assertion amongst security experts that human error is the weakest link for companies.

Theodore Kobus, leader of BakerHostetler’s Privacy and Data Protection team, says that “no matter what technology we put in place, no matter how much money we spend on protections for the organization, we still have people and people are fallible”. He suggests that, to stem the flow of social engineering attacks, employees must constantly be warned to slow down, stop and consider all emails, and “either walk down the hall or phone to ask a colleague if they sent the email”.

Andrew Beckett, the managing director and EMEA leader for Kroll, mirrors this idea. Beckett believes that “effective cyber security is not just about technology. Often, companies buy the latest software to protect themselves from hackers, but fail to instigate the data management processes and education of employees required to mitigate the risks”.

Training and educating employees on what to look for, how to react and how to double-check sources is essential. More importantly, employees must not be scared to report their mistakes, as reaction times to these attacks often have enormous impacts. An article by Forbes highlights that cyber awareness is key. As a suggestion, the article puts forward automated training utilising gamification, which saves companies huge amounts of money and time. If employees have 24/7 access to training that is interesting and informative, this could make all the difference.

Developing the Strongest Chain

Human error has proven to be the weakest link in the chain when it comes to enterprise cybersecurity. However, companies are neglecting their responsibility to protect their employees from being targeted, through technology safety nets and awareness training.

Importantly, however, companies cannot rely on shiny new technology to protect themselves from clever social engineering attacks. These attacks are particularly hard to stop, as employees growing up in the technology age are accustomed to rapid-fire responses and are programmed to trust emails and answer them quickly.

Companies have a lot of work to do when it comes to shoring up their cybersecurity practices. And this starts from the ground up, from their locks and office security to the education of their employees and the introduction of security programmes. There is no one-size-fits-all approach when it comes to cybersecurity readiness. It requires an enterprise-wide strategy that is tailored to the industry and its culture whilst also accounting for regulatory requirements. Finally, transparency and communication are paramount when responding to breaches, and this must be incorporated into the overall strategy as well.

 Contact us to find out how we can help you increase security within your business, and follow us on LinkedIn for up-to-date security news.

Copyright © 2023 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692
