Let’s start with one of the biggest truths in cybersecurity: technology is not the problem – the people using it are the problem. Some argue that technology is flawed, or that it can become flawed. However, most of the time, technology works exactly as it is intended – it is the interaction with and understanding of the technology by the people using it that is sometimes imperfect. The problems with people are caused by a variety of factors. One of the biggest problems is the desired speed of business and the laziness of people. People’s constant interaction with technology makes it a risk, and there is nothing businesses can do about it.
The first clue as to what’s wrong with work culture relates to the concept of “convenience versus privacy”. All technology is built for a simple purpose: we want to make a job, task or calculation easier and more efficient. When we choose to use technology in our work, we choose convenience.
The price for choosing convenience is usually privacy. A good example is Multi-factor Authentication (MFA). MFA can be very time-consuming and tedious for some. Sometimes you have to wait from 10 seconds to a few minutes to receive an extra text message or authentication request when logging into a website or software application. If this is done repeatedly 15 times a day, waiting for minutes can feel frustrating. When you have four emails on your desktop that need to be answered as soon as possible and you can’t wait, MFA adds more hassle than value for those who choose convenience over privacy.
However, statistics show that almost 90% of all data breaches or hacks could have been prevented or reduced by using MFA.
Next, we need to look at concerns about the culture of those in charge and the information security industry in general. The regulations or the language used can sometimes be very inconsistent and confusing across the world, sometimes causing more harm than good. The term “risk assessment”, for example, can refer to a risk register matrix, an enterprise risk assessment, a penetration test or even a risk assessment vulnerability analysis. Some readers of this article may also state outright “That’s not a risk assessment”, while others would Google “what is the difference between a penetration test and a vulnerability analysis”. So, at the moment, the problem is compounded by the wide range of different regulations that apply to the security industry. The industry needs to be brought into sync with certain regulations.
Security awareness training is still a challenge for people. It often involves their own misunderstandings of the threats, laziness or an “it’s not my problem” mentality. However, all the problems suggest that more education on security is needed. Threats need to be talked about constantly until they are understood and addressed as part of the business plan. This may sound tedious and extremely boring to some, but cybersecurity, security, privacy and digital trust must be part of ongoing education and training.
Just because you don’t consider yourself or your business a high priority doesn’t mean you can’t fall victim to cyber criminals. Cybercriminals often select their targets at random, using automated attacks to commit data breaches, phishing and malware distribution.
Cybercriminals are not a coherent group, but a diverse group of actors with their own motives. Hacking and other forms of cybercrime are carried out by organised crime, terrorist groups and national actors.
In addition to individuals and businesses, cybersecurity is an important element of national defence and warfare. While large companies and organisations can be attractive targets for cybercriminals, inadequate efforts to ensure their own cybersecurity can cause a wide range of harm.
What you can do today to protect your account from data breaches or other harmful activities:
– Change your account passwords and set them to ones that cannot be guessed.
– Do not store your passwords or bank codes in plain sight.
– Use Multi-factor Authentication wherever possible.
– Never give out your bank details or personal information over the phone or online.
– Also protect your important documents, company papers and contracts behind passwords or locks.
At NordCheck, we can help you to keep your important and valuable documents safe with modern compliance. If you need our help, don’t hesitate to contact us!