Human factor in cybersecurity
These days, when more and more technologies are evolving in the direction of artificial intelligence to help digitalization and automations to evolve even faster, we often forget about the human factor in cybersecurity.
On one side, we as companies, that defend our ICT systems, too often forget how important human factors are. On the other side, cyber criminals do not forget about the attack vector as, according to some research, 57% of attacks are initiated through social engineering.
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks can happen in one or more steps.
As attackers already figured out, that most of the time humans are the weakest link in chain of different cyber security threat prevention solutions, in our ICT it is important that all responsible personnel in a company organization structure, from engineer to C-level, are aware that it is important to take into consideration, that we must invest into proper testing and education of users.
On the side of attacker’s technical solutions for attacking, ICT infrastructure improves every day and so are the social engineering attacks. In addition to attacks like: bad usb, vishing, smishing etc; the phishing attack is still the most popular for attackers, as it is easiest to accomplish. They can target masses of users at once. At the same time, these are the most successful attacks, as most of the users in a business environment most commonly use email as a mean of communication every day.
It is important, that we provide recurring training about safe usage of ICT infrastructure and test users constantly, as methods and elements of attack change and improve. It is important to constantly educate users about possible new methods, that attackers use to trick users into clicking, opening file etc.
When talking about cybersecurity, it is important to consider every element of ICT, not only technical solutions but also users, as, most of the time, they are the easiest target, when speaking about protecting our ICT infrastructure.