End Users Still the Largest Contributor to Breaches

End Users Still the Largest Contributor to Breaches

It’s been awhile since I’ve posted a new blog. This is due to trying to catch up with all the latest analysis that has been released in the last 30 days regarding security breaches. There has been some fantastic and detailed data regarding how hackers get into networks, who they are targeting and the tools they use to do it.

Companies like F-secure, Datto, SolarWinds, BitDefender, the 451-Alliance, and others track information from global sources regarding security breaches and how they happen. I prepared some recommendations based on the highlights of those reports so I can save you a few hours of reading and focus on some of the key information I found.

I want to reference what I feel are some great reads about specific hacking tools used and where they are being used to help you understand the threat landscape:

What these two resources detail is that most threats are still coming from the oldest methods of penetration: the End User or Human Factor. Threats from targeted phishing emails and hacked websites that take advantage of weaknesses built-in to software we use everyday are still the largest entry point for hackers.

How Do We Fix the Human Factor

In a nut shell: employee training and awareness. Employees are over-worked, multi-tasking and human. It is only a manner of time till someone who it tired and rushed, accidentally clicks on an infected email attachment infecting their computer. Once the hacker gains access they take their time surveying the network to find every way they can hurt you most. It only takes one person in the company to let them in by accident, and hackers know that. Once inside they begin looking for the admins, the users with passwords and access to sensitive information. Once they find that user, they have the keys to the kingdom.

Secondly, putting proper backup, disaster recovery and business continuity solutions in place to ensure proper protections and ongoing operation of the business in the event of a breach. This will raise employees awareness, provide faster detection & reporting of suspect activity, and will ensure minimal impact on operations.

Steps employers should be taking are very simple:

  1. If you own or operate a business and don’t have a professional IT company or on-staff IT managing your technology, your playing a losing game and gambling with your livelihood.
  2. Listen to your IT professionals. We are trained to protect you from threats. Not all IT personnel and companies are equal in the value of their knowledge and advice, so get a second opinion when in doubt and weight your options. The old saying, you get what you pay for usually applies. Remember, your not paying for their time at your office, your paying for their years of expertise and experience.
  3. Invest in an on-going cyber-security training and awareness program with-in your company to keep employees educated and aware of threats. Threats are evolving in method, delivery and execution so this should be an on-going effort.
  4. Your environment needs to be as secure as possible within reason. There are ways to have a save operating environment with built-in protection and multilayered security, and the Cloud is by far the best option for this.

Our company made a decision 10 years ago to invest in building Cloud environments for the SMB vertical. Tools like AWS and Azure require knowledge capital of those systems, and experience integrating and migrating environments. It can be very costly. We built our cloud environment on technology from NetApp, VMware, HP, Microsoft and WatchGuard specifically for small business to create a cost effective reliable solution. The Backup, Disaster Recovery and Business Continuity solutions are already built-in and deployed on a fault-tolerant, redundant infrastructure.

These practices protect against the “HUMAN FACTOR”, but insure we have minimal down-time when it becomes a factor.

A Great Defense is the Best Offense

If you took the time to read the referenced and linked articles (I hope you did), you’ll understand the threat is real. It is evolving, getting more difficult to detect, and more profitable for hackers as they are targeting businesses 300% more that the previous year. Ransomware alone was responsible for $16 billion in losses last year.

It will be more expensive to protect you business than in the past, but it is far less costly than a breach that compromises you company, your employees, and your customers. Not to mention the lawsuits that ensue.

If you are interested in getting a free network assessment to determine where your vulnerable, make an appointment by going here to setup a time. Thanks for reading and feel free to message me at rtrembath@quasardata.com with any comments.