Security culture and the human element of cybersecurity

Over the past decade, digital transformation has been a core focus for growing industries. From eCommerce to online education, medical records to app-based insurance claims, companies across industries have been on a steady trajectory of technological growth. But in 2020, slow and steady growth became fast and furious change. The way the world works was altered virtually overnight ... and likely for good.

Today, 72% of organizations offer hybrid work options for employees, and 43% say they will keep hybrid work options going forward.

While there were many variables involved in the specifics of how companies responded to this tipping point and its ramifications, three overarching trends have emerged:

1. The rise of remote and hybrid workforces

2. The need for ubiquitous, accessible information

3. The evolution of company culture

Unfortunately, the quick pivots and band-aid solutions that got organizations through the pandemic until things “got back to normal,” weren't long-term solutions to build a secured, sustainable future in this new era of borderless work. Today’s companies need to understand their vulnerabilities, mitigate their risks, and drive a security culture that supports their people and protects their information.

The human element of cybersecurity

According to Verizon’s latest Data Breaches Investigations Report (DBIR), 82% of data breaches involved the human element such as stolen credentials, phishing, misuse, or simply a mistake in which information was exposed.

Mistakes are an essential part of the human experience — a valuable source of learning and growth. However, in cybersecurity, even small mistakes can lead to huge consequences. Potentially damaging missteps too frequently go unaddressed with organizations that don’t have a thorough understanding of what’s at risk. This challenge has been heightened exponentially due to the prevalence of remote working.

According to IBM Security’s 17th Annual Cost of Data Breach report, the average cost of a breach was $1.07 million higher in breaches where remote work was a factor in causing it. When employees are away from the office, they tend to be less mindful of security best practices and may adopt bad cybersecurity habits. These bad habits combined with the lack of appropriate security controls at home cause more frequent and more costly breaches.

Ransomware is always just a click away

A devastating data breach can happen to anyone. And the likelihood is greater than ever.

Verizon’s 2022 DBIR stated that ransomware has increased 13% in breaches, greater than the last five years combined. All it takes for a cyber attack to begin is for one employee to click on a phishing email or respond to a social networking message. And it’s easy to do. Hackers are clever — messages often come proxied and it can appear as if they are coming from another employee, or even the employee’s supervisor or CEO. One click grants the access, and the attack begins.

Ransomware is a type of malware that is designed to deny a user access to their computer files – typically, attackers encrypt these files and demand a ransom payment for the decryption key. Common routes ransomware uses to invade your network include credentials, phishing, exploiting vulnerabilities, and botnets.

Remote work has heightened the risk of ransomware and other malware due to employees sharing home office space, printing confidential documents on shared devices and the forming of unintentional bad habits as they give priority to completing tasks over best security practices. As ransomware attacks continue to increase in frequency and sophistication, organizations must focus on educating their people and having good processes in place that help eliminate the likelihood of an attack.

Related content

Article: How to detect ransomware

Article: How to handle a ransomware attack

Case Study: Town of North Andover