Humans: the weak link in Cyber security
Ghofrane ABDALLAH
Every system’s strength is measured by that of its weakest link, and in information security, one of the fields most threatened by daily attacks and hacks, humans are definitely the weakest link in the system.
Nothing can be quite as dangerous to a system – whether it is a bank’s information system that handles millions of accounts and is composed of hundreds of computers in tens of agencies, or just a small office containing several units, or even your own home devices – as an inexperienced user, a user who simply has no idea about what is out there on the net.
It has been proven over and over again that people are more vulnerable than computers.
Most cyber-attacks rely on human error: perpetrators usually target employees in order to gain access to computers.
Some facts and numbers
Social engineering is the most successful form of hacking: according to Agari, a leading cyber security company, 60% of enterprises were victims of social engineering attacks in 2016.
If this number testifies to anything, it is that it is a FACT that humans are easily hacked, and that all firms should really pay attention to their employees’ knowledge of security.
According to Veriato’s 2018 Insider Threat Report, which surveyed 472 cybersecurity experts, 90% of the cybersecurity professionals surveyed feel their company is vulnerable to insider attacks, and about 50% have experienced at least one of these attacks in the last 12 months.
Those surveyed chose regular employees as the biggest security risk for their company.
As you can expect, a majority (94%) believe they should monitor employees to prevent these attacks.
What can a hacker gain from your employees?
Targeting humans is an easy way to get access to a system: anyone with access and privileges is a door in, whether the attacker uses these privileges to gather information or escalates them to gain more.
- Theft of source code, contractual information, employee details, client details and other confidential data.
- Demanding ransom by encrypting data and files.
- Corporate espionage or blackmail.
- Maligning the public image of the firm.
- Disrupting a service, thereby causing substantial damage on a large scale.
Our “how to deal with it” advice, here at Tunisian Cloud, is to always be prepared!
How to reduce the vulnerabilities
Keeping security knowledge up to date (at least at a basic level) for everyone who is in contact with any computer connected to your firm’s network (that will be almost everyone, from drivers using the firm’s phones to secretaries to developers and so on) is crucial for avoiding cyber security threats.
Securing your firm’s data is a priority for any business owner, and being able to use a computer in a secure way should be on any employee’s resume (CV), no matter the post they are applying for.
Here are some quick solutions and tips:
- In-depth training should be provided to your employees to ensure the awareness of different attack vectors.
- Regular people risk assessment of employees can reduce cyber risk considerably.
- Use incentive mechanisms to foster employees’ attention to security.
- Periodic vulnerability assessment and penetration testing reduce the threat posture of your organization.
Enterprises that don’t give priority to proactive security awareness or risk assessment are doomed to spend hefty amounts on mitigating PR nightmares from scandalous data breaches.
- If you’re going to deploy any kind of enterprise service management, ERP, SAP or CRM system, step back before implementation and first consider what the security system plan will be.
Make security a part of your strategy from the very beginning, and train your employees to use these services and software safely.
- Consider outside services: many companies offer cyber security services, from training to pentesting, and there is no one better than us in Tunisia and Africa to trust with securing your business, no matter the size of your firm.
And as always, be safe, be secure!
Check out our calendar and consider contacting us to ensure the safety of your online business and information system.