DEV Community

Hacktory

Unaware web application developers as a threat to cybersecurity

As information systems develop, threats become more serious every year, and the damage is estimated at millions and billions of dollars. In the first half of 2019 alone, more than 1276 cases of confidential information leakage were published and registered worldwide (based on research by the InfoWatch analytical center), which is 22% more than the number of incidents recorded for the same period of 2018.

Sources of threats

It is noteworthy that, according to InfoWatch, data leakage was the result of an internal violation in 55.6% of the cases considered. In 44.8% of cases, unprivileged company employees were found guilty of information leakage, and in less than 2% of cases top managers of organizations and top personnel caused security issues.
One of the high-profile cases is the theft of the data of 8,000 Coca Cola employees. Approximately 13% of personal information was compromised in the course of the incident, which was the fault of a former employee.

Making employees aware

Today, it is extremely important for large companies to invest in employee training and in raising their professional skills in cybersecurity in order to reduce the number of information leaks. Staff often do not know about all the types of phishing, Trojans, and other threats that were created to trick unaware users into unwanted “cooperation”. As a result, employees often serve as the main target for attacks without realizing that they are becoming a threat to the security of their own company. However, ignorance is no excuse. For the company, a leak of confidential information or of users' personal data threatens a loss of reputation and multi-million fines, and for the employee it may mean dismissal at a minimum.

What about IT specialists?

For IT professionals, the ability to write clear and secure code is extremely important. Depending on your programming language and subject area, you may need to beware of buffer overflows, XSS, SQL injections, and other security problems. You can study them and try to avoid them.
The notion that security is not a developer's job is not quite true. A good web developer should take cyber threats into account when working with applications to protect employers and end users. It is also worth mentioning that it is cheaper and more reliable to ensure security during the development phase than to extinguish the fire after the product is released. Hackers don’t need many vulnerabilities to cause havoc; they only need one.

How to reduce risks?

As mentioned above, in order to reduce the risks of corporate network "infection" and data leakage, it is necessary not only to update the software, but also to raise employee awareness regularly. It is software flaws and human errors that make malware notorious.
Building a cybersecurity culture begins with every employee (from accountant to developer) regularly undergoing mandatory orientation training. Interest in cybersecurity should be encouraged so that developers are aware of security issues.
It is necessary to discuss security issues during the development process. Make it a hot topic to share and read about. Cybersecurity should be part of the discussions surrounding every development project.
To minimize risks, many organizations are constantly looking for new ways to deal with possible leaks. One way is corporate training. The traditional idea of what corporate training is, how it should be carried out, and whom it should be aimed at is no longer relevant. Training is most effective when it is supported by a specific practical context and the acquisition of new experience. Today there are many different teaching methods; the most popular are lectures, video tutorials, seminars, trainings, and online courses.
Unaware staff can cause multimillion-dollar damage to the company's budget, as well as undermine its credibility. However, there is an option not to lose money, but to save or even increase it. It is better to convert money into knowledge and protect the future of the company by giving staff an opportunity to learn new skills and remain the best in their area, isn’t it?
