Most efforts towards risk mitigation concentrate on technology. Certainly, antivirus, antimalware, intrusion detection/protection, firewalls, email filters, two-factor authentication and other technology solutions are vital. Similarly, appropriate backup and disaster recovery (DR) processes must be in place. For example, a 3-2-1 backup strategy (three copies of the data, on two different types of media, with one off site) is a recommended best practice along with testing of the restore function on a regular basis.
However, these technology safeguards must be supported by what is known as the human firewall – an internal staff that is educated on cyber-threats, can spot a phishing email a mile away and won’t fall prey to CEO fraud.
Regardless of how well the defense perimeter is designed the bad guys will always find a way in. They know that employees are the weakest link in any IT system. The Verizon 2016 Data Breach Investigations Report (DBIR) found human error to be the weakest link based on a study of 100,000 security incidents and 2,260 confirmed data breaches across 82 countries. Thus, cybercriminals continue to rely on phishing and other tricks from the social engineering playbook.
The way to manage this problem is new-school security awareness training. Thousands of organizations are doing this with great results. Stepping users through this training proofs them up against falling for social engineering attacks. Establishing a human firewall won’t eliminate breaches entirely, but will reduce them.
Next post find out ~ Prevention, High Risk Users & Technical Controls..Think Before You Click!
Tina Louise ~ www.cloudplusservices.com ~ 888.871.6584