Humans, not technology, are the biggest threats to a maritime company’s ability to maintain an adequate cybersecurity posture – this is known as the “insider threat”. A lack of cybersecurity staff members, a lack of employee training, and not enough boardroom prioritization are top contributors to cybersecurity risk, according to a study from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG). Over half of those surveyed had experienced at least one type of security incident, and reasons for the security incidents largely revolved around human factors.
Additionally, Verizon’s 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies’ top data security threats. When you think about how these insiders create such dangerous vulnerabilities, there are three main types of threats companies should be concerned with:
1) Accidental. Verizon’s Data Breach Investigations Report also noted that accidents accounted for 30 percent of security incidents in 2015. In this case, employees might just not be educated enough on cybersecurity best practices. Whether insiders open a phishing email or click on a malicious link, attackers are just waiting for your employees to slip up.
2) Negligent. These are the insider threats where employees try to avoid the policies companies have in place to protect endpoints and valuable data, such as disposing of a device without first wiping the data or delaying recommended software updates and patches.
3) Malicious. This type of insider threat is often overlooked because companies mostly assume malicious intent from third-party actors. However, there are times when employees are motivated by financial gain or espionage to make companies vulnerable.
Human error accounts for 52 percent of the root cause of security breaches, according to a CompTIA survey. Asked about the top examples of human error, 42 percent of those surveyed cited “end user failure to follow policies and procedures,” another 42 percent cited “general carelessness,” 31 percent named “failure to get up to speed on new threats,” 29 percent named “lack of expertise with websites/applications,” and 26 percent cited “IT staff failure to follow policies and procedures.”
That is why investments in automated solutions need to be a priority to help mitigate human errors. Mistakes by network administrators and users (failures to patch vulnerabilities in legacy systems, misconfigured settings, violations of standard procedures) open the door to the overwhelming majority of successful attacks. Not only are humans incapable of keeping up with the sheer volume of incoming threats, but relying on them to make quick, high-impact decisions to manually address such an attack is equally inefficient. Automation is an important component of cybersecurity, not only reducing administrative burdens but also minimizing cyber risks.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.