New research by Finn Partners has revealed that employees pose a high level of cyber risk to their organisation, as nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize.
Dean Ferrando, Systems Engineer Manager at Tripwire:
“Many businesses still remain unprepared for a cyber attack because it’s difficult to prepare for something you don’t understand, can’t visualize, or haven’t experienced. The dynamic nature of cyber attacks often makes it hard to pinpoint a root cause, and so executives with a desire to prepare are faced with choices, rather than clear actions to fund.
To give the organisation the best chance possible to mitigate the chance of a cyber attack, firstly train employees on how to recognize a scam. Much of cyber security is about human nature and social engineering. Furthermore, training must be ongoing due to the ever-changing tactics deployed by today’s attackers. Then begin understanding the types of risks you have. Conducting regular, preferably continuous, assessments of configuration and vulnerability risks across your IT systems will give a more holistic view of your infrastructure. Remember, attackers will be trying to do the same, so it pays to be one, two or even three steps ahead. Lastly, don’t ignore the simple best practices. Keep software up to date, apply security patches, change passwords, and make sure terminated employees and contractors don’t have access. This security hygiene goes a long way to making the attackers’ job more difficult and keeps your business better protected.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.