Patrick Sweeney, executive director of product management, SonicWall Security Products, once said, “At any given moment, every organization in the world is a few packets away from an imminent infrastructure disaster!” There can be many reasons for this to happen: out-of-date security technologies, non-adapted security policies and human errors. Despite our best efforts, human beings are, and will always be, imperfect. And so are the systems that humans design and maintain, from governments to corporations to schools to hospitals. Of course, the same is true of IT security systems, which employ powerful technology, but in the end are only as strong as how employees adopt and use them.
The recent security breaches that have allowed hackers to steal millions of credit card numbers and consumer names and addresses from the largest retailers in the U.S. turn out not to be particularly sophisticated. In the end, we’ve learned that many of these companies’ defenses were fully prepared with malware detection tools and that the technology did its job. If the tactics weren’t that sophisticated and the defensive technology in place worked as intended, then how can we account for what happened?
It’s come to light that a series of human errors are often in play starting with successful targeted phishing attacks on employees (more and more targeting privileged account users) that go undetected for weeks and give cybercriminals ample time to collect sensitive data and access business applications. It is widely accepted today that human errors like this cause the lion’s share of information security breaches around the world. In fact, one survey found that 70 percent of IT security breaches can be attributed to human elements.
Companies can have plenty of security controls with abundant security instrumentation and keep their software up to date. Yet one click from an employee, uninformed about security policies or simply trying to get the job done in the most expedient way possible, can inadvertently give access to threat actors with malicious intent, circumventing security technologies in place.
That is why forward-thinking companies are investing in more than just technology to maximize their IT defenses. They are working to educate, train, and cultivate a culture of security among the employees of their organizations.
In today’s connected world, data is the lifeblood of business. And that data includes billions of pieces of personally identifiable contact information, account numbers, healthcare patient records, trade secrets and a wide range of other sensitive material. The value of data increasingly relies on the ability for the right people, and only the right people, to access it wherever and whenever it’s needed.
To drive innovation and agility, organizations are adopting mobile, social, and cloud computing technologies at an accelerating rate. And these technologies are delivering data and applications outside the network boundaries and therefore outside many traditional IT security solutions. Securing information everywhere it resides and everywhere it needs to go is a top priority. But even as they keep pace with increasingly sophisticated cyber crime techniques, IT security technologies are only as effective as the people who use them (or don’t).
Let’s take a look at a small sample of human errors committed thousands, if not millions, of times every day:
- Clicking on a malicious link in a seemingly innocent email
- Using a simple password or using the same password for both work applications and personal accounts
- Leaving or losing a smartphone or laptop in a taxi or airport
- Uploading company data to a public cloud service
Whether slip-ups are made out of carelessness, ignorance or a well-intentioned attempt to get work done faster, the results can be equally damaging. For organizations to truly secure their information, they need employees, partners and others with access to their data to understand, adopt and comply with well-articulated security policies and protocols.
And those policies and the technology that enforces them must be easy to use. They cannot be barriers to productivity. Creating this “culture of security” requires a comprehensive, end-to-end strategy, adapted to the unique business requirements of each organization and supported by top management.
SonicWall develops end-to-end IT security solutions that are easy to use, designed to be embraced and adopted by employees and business partners without hampering productivity. More adoption means more compliance, and better security. And better security is better business!
To ensure that your IT security strategy is adopted by your employees, read the tech brief “The AAA approach to network security”.