fbpx
The “Human Factor” Important in Cyber Risk Prevention

The “Human Factor” Important in Cyber Risk Prevention

As I read over the Kroll Global Fraud & Risk Report for 2017, the most common issue discussed is the threat that comes from within your organization. Current and ex-employees were the most frequently cited perpetrators of fraud, cyber, and security incidents over the past 12 months. Notwithstanding this finding, external parties were identified as active perpetrators as well.

In the survey, taken by 545 senior executives worldwide across multiple industries and geographies, 85% said that their company experienced a cyber attack or information theft, loss, or attack in the last 12 months.

How these attack happened

The survey also reveals that most cyber incidents involve more than one attack vector. Multiple, interwoven attack
vectors were identified – directly on company software, systems, and websites; via third parties through malfeasance,
attacks on their own systems, or in error; through employee error or malfeasance; and from device theft.

The highest reported attack vector was via software vulnerability, experienced by over a quarter of respondents (26%).
Employee error or accident played a role according to 22% of respondents. And attacks on the corporate website were
noted by 22% of respondents as well.

 

The Perps

The findings reveal that threats most commonly come from within. Current and ex-employees were the most frequently
cited perpetrators of fraud, cyber, and security incidents over the past 12 months. Notwithstanding this finding, external
parties were identified as active perpetrators as well.

PERPETRATORS OF FRAUD

Nearly 8 out of 10 respondents (79%) cited one of the following categories as the key perpetrator:
-Senior or middle management employees of our own company
-Junior employees of our own company
-Ex-employees
-Freelance/temporary employees

PERPETRATORS OF CYBER INCIDENTS

Overall, 44% of respondents reported that insiders were the key perpetrators of a cyber incident, citing ex-employees
(20%), freelance/temporary employees (14%), and permanent employees (10%). If we also consider agents/
intermediaries as quasi-employees, noted by 13% of respondents, then the percent indicating that insiders were the
key perpetrators rise to a majority, 57%. Nearly one in three (29%) identified external players as the key perpetrators.

PERPETRATORS OF SECURITY INCIDENTS
In total, 56% of executives surveyed said insiders were the key perpetrators of security incidents, citing ex-employees
(23%), permanent employees (17%), and temporary/freelance employees (16%).

Building Cyber Resilience

The good news: 72% have introduced employee cybersecurity training and an equal percentage have employee restrictions on installing software on company devices. Detection methods rank high on the list, with intrusion detection systems, threat intelligence systems, and network operations centers next in magnitude of adoption.

The road to resiliency requires resources, analytics, creativity, understanding of human behavior, and sheer
vigilance to continuously enhance each firm’s ability to prevent, prepare, respond, investigate, and remediate fraud and
risk.

What's next for your organization? Cybriant is here to help.

The Weakest Link in Network Security?

The Weakest Link in Network Security?

The weakest link in your network security? Your employees!

Cybriant works with KnowBe4 to provide new school security awareness training. Your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school training – o meetings or posters in the break room just don’t cut it anymore.

Security Benefits of Identity and Access Management (IAM)

See the video below to learn more:

Ready to secure your human firewall?

What is Firewall Logging and Why is it Important?

What is a Firewall Logging and Why is it important?

Get Your Automated Security Awareness Program, ASAP!

Get Your Automated Security Awareness Program, ASAP!

More than ever, your users are the weak link in your network security. It is time for a comprehensive approach to effectively manage this problem, managed by people with a technical background. Cybriant has partnered with KnowBe4 to offer our clients an integrated Security Awareness Training and Simulated Phishing platform. 

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization. We’ve taken away all the guesswork with our new, no-charge Automated Security Awareness Program (ASAP).

ASAP is a revolutionary tool for IT professionals, which allows you to create a customized security awareness program for your organization that will help you to implement all the steps needed to create a fully mature training program in just a few minutes!

free cybersecurity program cybriant

The program is complete with actionable tasks, helpful tips, courseware suggestions and a management calendar. Your custom program can then be fully managed from within the KnowBe4 console. You also have the ability to export the full program as a detailed or executive summary version in PDF format, use it for compliance requirements, and reporting to management.

The process of creating the program is simple enough, answer 15-25 questions about your goals and organization, and a program will be scheduled for you automatically. The program tasks will be based on best-practices how to achieve your security awareness goals. You have an easy calendar view to plan and deploy your security awareness program.

Here’s how it works:

  • 15-25 questions depending upon answers
  • Suggested training materials based on answers
  • Choose and change your program start date and tasks
  • Calendar and list view of tasks
  • Dashboard with program status, % complete, tasks overdue, etc.
  • Detailed and summary exportable PDF versions of your program
  • Fully mature awareness program ready in 10 minutes
  • Find out what YOUR program will look like. There is no cost… Start ASAP!

GET STARTED ASAP! Be sure to enter Cybriant as the partner.

Find out what YOUR customized program will look like.

Cybriant Launches Managed Cybersecurity Awareness Training Service; focuses on Real Estate Industry

Cybriant Launches Managed Cybersecurity Awareness Training Service; focuses on Real Estate Industry

August 9, 2017 – Alpharetta, GA – Cybriant announced today that it has launched a new service that offers Managed Cybersecurity Awareness Training. Cybriant plans on initially focusing on the real estate industry for this managed service.

The real estate industry is under attack from cybercriminals. Wire Fraud, Email Phishing, Texting Scams and Social Media scams that target independent real estate agents are causing real estate firms as well as potential home owners to lose money.

Cybercriminals have targeted the real estate industry because of the amount of personal and sensitive information that is created, stored, used, and shared between real estate agents, brokers, property managers, closing attorneys, mortgage banks, title companies, and more.

Cybriant’s Managed Cybersecurity Awareness Service helps organizations implement a fully mature security awareness training program. The program will provide baseline testing, user training, simulated phishing attacks, and management reporting.

“Employees are either a weak link in the security chain or a trip wire for your defense,” said Jeff Uhlich, CEO of Cybriant. “Our cybersecurity awareness training service helps meet three requirements for a well-rounded program – awareness, education, and ongoing training. We help strengthen your human firewall.”

For more information, go to https://www.cybriant.com/cybersecurity-awareness-training/.

About Cybriant

Cybriant assists companies in making informed business decisions and sustaining operational effectiveness in the design, implementation, and management of their cybersecurity programs. We deliver a comprehensive and customizable set of strategic and adaptive cybersecurity services which address the entire security landscape. These services include assessment and planning, testing and hunting, SIEM management and security monitoring, perimeter and endpoint protection, and secure cloud networking. Cybriant also delivers support services for the secure maintenance, relocation, and disposition of physical and data assets. We make enterprise grade cyber security services accessible to the Mid-Market and beyond. For more information, go to www.cybriant.com

Managed Cybersecurity Awareness Training Service