This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Charlie Riley, VP of Growth, Havoc Shield.
With so much of the workforce working remotely, vulnerabilities at home have been taken advantage of. With poor home network protection, employees using BYOD and maybe not having an IT staff onsite to make sure updates were made and access to important data wasn’t protected, things like phishing attacks have increased since 80% of cyber attacks are due to human error.
Malware has also taken advantage of the fact that workers at home have not stayed as up to date with installing software updates as those could be managed automatically by company IT on premises. Outdated software versions could leave vulnerabilities into systems and data files until those patches are made.
That it is a matter of it, not when, a cybersecurity breach attempt will happen as it is becoming a daily occurrence. One of the biggest things for smaller businesses would be for them to take proactive measures in addition to having adequate, not minimum, cybersecurity insurance, which is a reactive resource. While insurance policies may cover costs, carriers are becoming more stringent about what proactive steps are in place to prevent a breach. They may choose to not pay a claim if efforts are not taken, like enabling multi-factor authentication (MFA), on devices at minimum. Larger businesses can absorb those types of costs and the reputational hit that accompanies an attack, where smaller businesses probably will not be able to. In fact, over 60% of small businesses will never recover from a cybersecurity breach, according to research conducted by the National Cyber Security Alliance.
There will be a mix, but when humans are involved, I think they will always contribute a large percentage of the fault from a lack of training, a lack of institutional importance put on security and not rushing through tasks. Attacks can be sophisticated, but if workers slowed down and checked email links, set up MFA on devices and took the extra 3 seconds for that extra layer of protection, many attacks can be avoided.
Train your staff. The majority of cyber attacks can be avoided because they stem from human error. Help employees spot phishing attacks and incentivise them to take cybersecurity seriously
Make Multi-Factor Authentication (MFA) Mandatory. Cybersecurity insurance policies are essentially making this table stakes to have the ability to secure a policy now. The extra few seconds of annoyance it takes for your employees to log into systems or tools could save your company hours and several thousand of dollars of pain by allowing a hacker to access data when it could have easily been avoided.
Make sure software updates are done asap. With so many employees working remotely and software needing to stay up to date with hacker strategies, making sure employees know it is necessary to install updates as soon as they are released to avoid vulnerabilities.