People are cyber’s Achilles’ heel

The legend of Achilles tells of a Greek warrior thought to be invulnerable after being dipped in the river Styx by his heel.

However, as the story goes, Achilles missed a spot.

Today, cybersecurity vendors are always improving their methods to protect and store unprecedented amounts of sensitive and personal information. But, like the story of Achilles, the human element can be the weakest link in a company’s armour. This is something no vendor can fully insure against.

Business data security policies can lay out comprehensive procedures to avoid a breach. However, a casual attitude towards these policies from individual employees can inadvertently create major weaknesses.

In the face of these security challenges, companies will never be invulnerable. Overcoming this gap requires planning ahead for an inevitable breach and ensuring rapid recovery to minimise an attack’s impact. This is also known as an ‘assumed breach mindset’.

The unfortunate reality is that many breaches result from well-intentioned employees seeking to satisfy customers and deliver timely results.

An accounts manager could save a customer information spreadsheet to their personal device for ease of access, leaving it vulnerable to attack. A salesperson could sidestep policies to meet an urgent customer request, exposing sensitive financial data on less-secure transfer channels.

This trend is particularly pronounced in Australia. Rubrik Zero Labs’ latest report found 20% of Australian businesses self-reported employees ‘definitely’ violating data policies. This is nearly double the global average (11%).

As a result, 58% of Australian organisations reported they experienced a loss of sensitive data last year and recorded the highest number of multiple data loss events (31%).

People are the lifeblood of any organisation. However, with the ever-growing importance and quantity of data, everyone has the potential to be a weak point in a business’s cybersecurity posture.

An assumed breach mindset means businesses are prepared for that ‘bad day’ when the ransom note appears on the screen.

Strategies that support this mindset include immutable backup systems isolated from other servers and a prioritised recovery of crucial data. With these in place, the extent of data loss events can be quickly evaluated, and business operations can be restored in just hours rather than taking weeks or months.

While it’s important to dive into the river Styx and implement cybersecurity defences to protect against the majority of attacks, it’s equally important to have a backup plan for when attackers find your weak spot and aim for the ankle.