Are humans the weakest link in cybersecurity?
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and account for computer systems that contain protected information” Kevin Mitnick (convicted in the US for hacking large corporations, and currently a globally recognized security adviser)
For some time now, we have been seeing how people are increasingly becoming a target for hackers. And it makes sense. Why spend time and resources looking for vulnerabilities when the only element that is impossible to automate and predict can be attacked?
According to a report by Willis Towers Watson, human error is behind 90% of the security incidents suffered by companies. And we agree. If we take a look at the latest posts in our blog (Pharming, Punycode attacks, Phishing, Typosquatting, Watering hole attacks, Insider attacks, Juice Jacking, etc.), we realize that in almost all cases, people have something, or a lot, to do with them.
Why do we say that people are the weakest link?
The reasons are various: lack of communication, lack of resources, lack of time, lack of awareness, fatigue, stress, pressure, overconfidence… But the common denominator is always the impossibility of foreseeing and/or controlling how people react to certain things (email links, attachments, malicious advertising, etc.).
To address this problem, companies are investing large sums of money in training their employees, but the results are not as positive as expected. The attacks are increasingly sophisticated, malicious links and websites seem more legitimate and, on top of that, it is impossible for human beings to make no mistakes when patching or updating the systems.
So, how can we protect ourselves?
At Randed we are certain of one thing: if people are protected, the devices and the corporate network will be protected. To date, only RITech, our web isolation technology, is able to help companies protect themselves from people's mistakes.
RITech offers companies a new approach that allows them to protect networks and corporate systems from human errors, carelessness, or intentional actions by using two different strategies. On the one hand, with our browsing isolation service, we guarantee that regardless of the web pages visited by employees or the links that they click on, no web threat will ever reach their devices. By separating the endpoint devices from the Internet, we eliminate the attack surface. On the other hand, with our application isolation solution, we prevent potential threats that already exist in external users' devices from accessing the code of web-based business processes and, therefore, from exploiting their vulnerabilities.
Factors such as the increasing mobility of employees or the implementation of BYOD policies only simplify the work of hackers. Find out how RITech can help you protect your business.