Featured Image

Cybercrime is an Inside Job

One of the biggest threats to a company’s cybersecurity is its employees. Promoting cybersecurity means focusing on reducing human error and promoting cyber hygiene.
Aug 01, 2023

Your biggest cybersecurity threat is you. You and all your fellow humans. To protect your company from cybercrime, you have to focus on reducing human error. There is a lot of room for improvement.

According to Verizon’s Data Breach Investigations Report, a staggering 74% of cybersecurity breaches are driven by the human element. Criminals are cashing in on the vulnerabilities caused by the human element through a process known as social engineering.

Understanding Social Engineering

Social engineering is the act of manipulating people into doing something they may not want to do. Cybercriminals work to get users to divulge confidential information that can be used to commit various crimes — from information mining to complete system takeovers for ransom. The vast majority of social engineering attacks begin with email phishing.

Phishing isn’t new. We’ve all been offered a fortune from a long-lost foreign relative who just needed our bank account number. Unfortunately, phishing has gotten more customized and complex over the years. Often, attacks now come from a “friendly source” — which might include an email address you think you recognize or a company name that looks familiar (sometimes with a slight misspelling). And, as always, the attacks play on human emotion to get people to act without thinking.

Artificial intelligence is also being deployed to make phishing emails more real and sophisticated. Tools like ChatGPT help criminals ensure that their emails use proper English and sound convincing.

In the face of increasingly sophisticated, nebulous criminals, what can you do? A lot. Start here.

1. Prioritize real threats.

You don’t need to create dramatic scenarios or once-in-a-lifetime breaches. Real security threats are happening every day — likely to you. Most security threats come in through email. If you’ve got email, you’re a potential risk. Make sure you are using multifactor identification for email. Utilize the security tools that are built into G-suite and Office 360. Use antivirus software and keep systems updated.

2. Focus on awareness.

No matter how much you prioritize, there will still be cyber threats, and some will get through. Now, you need to minimize risk by focusing on awareness. User education is key. Teach users to spot phishing threats — and report them. Phishing simulation tests are a great way to prepare employees. People still fall for scams that make them feel fearful or curious. Make sure staff at every level know that email is not innocuous.

3. Train, train, train.

Cybercrime is now offered as a service — meaning that professional hackers and scammers are working full time to bait, switch, and trick. Small to medium manufacturers in particular have to prioritize cybersecurity training because a single attack could damage or even eliminate their business.

Employees need to receive regular training. Security awareness training providers make the cybersecurity training process more dynamic and engaging — making it more likely to work. Even after training, you will likely have some outliers who will click on bad links but bringing that number way down will go a long way toward protecting your business.

4. Build (and encourage) good cyber habits.

Most people already have bad cyber hygiene. They don’t use strong passwords. They don’t use password managers. They click ALL the links or open the attachments in their emails. They don’t report suspicious emails. Now it is time to build good cyber habits.

Teach employees the why and how for cybersecurity. Educate them on building stronger passwords and using password managers. Show them what a healthy skepticism of email looks like. Help them to understand why reusing the same password all the time will lead to a quick data breach. Building a habit takes time and practice. Start to foster a security culture through strong leadership, training, and frequent reminders.

With time and practice, it is possible to clean up your cyber act and stop cybercrime — from the inside.

PicturePicture
Author
Benjamin Moses
Senior Director, Technology
Recent technology News
Change is happening faster than ever. With it comes opportunities – as well as potentially insurmountable challenges to the status quo.
OpenUSD and USD refer to the same core technology, with OpenUSD emphasizing the framework's open-source nature.
Apple, like Thomas Edison, has essentially created a business model in which they take the ideas of others (like almost every iteration of the light bulb), take credit, and get away with it.
Discover how MTConnect bridges the innovation lag between consumer tech and manufacturing. As a unifying open-source standard, MTConnect streamlines machine communications and fuels emerging tools like digital twins.
For once, history is useful. Hope we are not still paying for that. Is faster better? Printing the big stuff. Barriers to tech adoption.
Similar News
undefined
Technology
By Benjamin Moses | Dec 13, 2024

Episode 127: Ben and Steve both have some testbed updates and conclude that having a solid in-house IT team on hand is vital for implementing new OT (operational technology) systems. The tech friends lighten things up by reflecting on their Thanksgiving.

45 min
undefined
Technology
By Michelle Edmonson, CEM | Dec 02, 2024

IMTS 2024 brought the manufacturing technology community together for six exhilarating days filled with opportunities to explore new solutions and build meaningful connections.

6 min
undefined
Technology
By Kathy Keyes Webster | Dec 10, 2024

Manufacturers are doers—always building, innovating, and transforming. It’s no surprise that the most-read articles on AMTonline.org this year spotlighted the driving forces of the industry: automation, innovation, and transformation.

6 min