We hear a lot about cyber security these days, both in the business world and in the public sector, where governments bemoan their less than total control of IT systems. We feel, collectively, that as new crowds of professional and amateur hackers and black hat individuals come out of the woodwork, business and government systems are becoming more vulnerable and fragile than ever before.
However, this doesn’t always correlate with the actions of individuals or businesses. People tend to act more recklessly than they feel when it comes to cyber security importance and the vulnerability of online systems.
In the Head Office
Statistics on cyber security make CEOs, CTOs and others pay attention to the real risks of data breaches and cyberattacks. Coming from various research sources, they show attacks and security incidents rising in number every year. Ponemon estimates that data breaches cost companies over $150 per record, which has generated its own share of concern in the business world.
According to the U.S. Department of Health and Human Services Office for Civil Rights, most breaches in 2016 “didn’t occur because of malicious IT hacking, instead, theft, loss improper disposal and unauthorized email access or disclosure were behind the largest incidents in 2016.” This has led to a furor of discussion around the idea of insider threats. Not to mention that the Snowden saga didn’t help either. The bottom line? It’s pivotal for companies to start investing in cyber security.
What, Me Worry?
At the same time, many companies seem to be sitting relatively still when it comes to guarding their IT systems against attack. In the 2016 Deloitte-NASCIO Cybersecurity Study, 80% of respondents stated that inadequate funding is one of the top barriers to effectively addressing cybersecurity threats, while 51% stated that inadequated availability of cybersecurity professionals was the driving factor.
It’s also possible to see some of the danger in statistics around personal security behavior. A January 2017 report from Security Magazine talks about the average consumer’s personal experience with cybercrime, and their responses.
- 64% of respondents had experienced a major data breach in their lifetimes, with nearly half of them feeling that data is less safe now than ever before
- 41% were willing to share a personal password with others
- While 39% admitted to using similar passwords for different platforms
- And 25% admitted using oversimplified passwords that are extremely easy to hack
By applying these behaviors to the behaviors of a typical company employee, it’s easy to see how hard it is for human resource offices to promote strong passwords on a company network. No security system will be bulletproof if the human users aren’t doing their part to maintain only authorized access to the system.
What Can Be Done?
In the eyes of many experts, it has to be an “all hands on deck” type of solution. It has to start with public awareness on strong passwords, and then followed by a lot of training within the company to enforce authorized use of systems.
For more information on what should be prioritized within your cyber security, check out our latest interview with Jeremiah Grossman, which highlights what your IT security priorities should be.