Organizations around the world are making massive investments in cybersecurity. According to Statista.com, worldwide spending on cybersecurity has ballooned from $34 billion in 2017 to $36.6 billion in 2018, and is estimated to grow to $42 billion in 2020—a forecasted 23.5 percent increase from 2017 to 2020.
Whether you are a business, government agency, healthcare facility, or educational institution, the reality is your employees are one of your first lines of defense in cybersecurity. They are also likely to be a weakness in your defense against attacks.
While businesses tend to focus on buttressing security through technology, most do little to confront the growing threat their employees pose.
As you are reading this, an employee may be charging their smartphone via a USB cable that is plugged into a networked point of sale terminal or their work laptop. And that USB drive another employee found in the parking lot? They may plug it into their work desktop out of curiosity. No worries, those USB ports are locked down, aren’t they?
The State of Cyber in 2020
The threats that were pervasive in 2019 are still present in 2020. But a new decade brings new threats to safeguard against. United States Cybersecurity Magazine outlines five vectors to watch for:
- Emerging Technologies – Artificial Intelligence (AI), machine learning, and 5G are a few emerging technologies that will be used to defend and attack in the cyber arena. AI and machine learning will algorithmically work to defend against attack vectors. In the same vein, AI will be used to make rapid changes to attack vectors to circumvent defenses. The advent of 5G will allow cybercriminals to use larger amounts of bandwidth to conduct faster, more powerful attacks. Additionally, as 5G relies on more software in the network infrastructure, it provides a new point of attack to guard against.
- Cloud Storage – With cloud computing coming into the mainstream, cloud jacking will become more prevalent as hackers probe the infrastructure of cloud computing and cloud services software.
- Internet of Things (IoT) – The IoT market is expected to reach $1.1 trillion by 2026. The wide proliferation of sensors, devices, appliances, and other platforms exponentially expands the number of endpoints available to attack and provides a larger network (5G) through which to attack.
- Phishing Attacks – Phishing may be an old cybersecurity threat, but it is still very effective. A recent report from Verizon estimates that “90 percent of the data-loss incidents the team investigates have a ‘phishing or social engineering component’ to them.” One click is all it takes to compromise the systems on a network.
- Deep fakes – This is synthetic media where a person in an existing video or image is replaced with someone else’s likeness. Attack possibilities include deep fake phishing campaigns, attempts to influence elections or public opinion, and fraud through synthetic identities.
The mix of an exponentially growing number of endpoints across all facets of our lives, interconnected by an ever-expanding ocean of bandwidth across wired and wireless networks, and the advent of powerful technologies like AI and machine learning make cybersecurity more important than ever.
You’re Protected… or Are You?
Employees who are educated about cybersecurity risks and are mindful of best practices are the stalwart allies of IT and security teams. On the other side of the coin, there are many risky employee behaviors that leave you vulnerable to cyber attack:
- 23 percent of employees use the same password for different work applications
- 17 percent write down their passwords, making their accounts vulnerable to password hacking
- 16 percent work while connected to public Wi-Fi networks
- 15 percent access social media sites on their work PCs
While most employees are neither purposefully negligent nor malicious, a lack of education or awareness about cyber threats in general, the symptoms of a cyber attack, and policy adherence can make the difference.
Remember, the strongest castle is only as secure as the person watching the gate.
So, What Can a Business Do?
There are two main things that a business can do to protect against cyber attacks.
First, fully understand the role employees play in the fabric of your cybersecurity framework. To underscore the point, an article in Harvard Business Review notes that “over 95 percent of all [security] incidents investigated recognize ‘human error’ as a contributing factor.”
People aren’t perfect, and while they can be the first line of defense, all it takes is one error. That’s where technology comes in.
With the proliferation of endpoints, whether in the hands of employees or simply installed as a device or sensor on the network, a robust endpoint protection platform must be in place to provide a comprehensive security overlay all the way to the edge of the network to protect against threats.