The Human Risk

The Human Risk

What if you were told that the biggest cyber threat to your organization originates from the day the Earth was created? You might laugh and say that is wrong, and that this cannot be since cyber was not even a concept back then. Well there is nothing technological to this threat. The human risk. Heard of them? Yes, your employees are the most likely cause of your organization’s IT security breaches. This might be like founding out Santa isn’t real all over again if you are someone who has close relationships with your staff… But unfortunately this is the case. If you’re reading this, you might already know that humans are the biggest cause of concern for 90-95% of IT leaders. But you might not.

The human risk

So, by the time you have finished reading this you will be aware of just how irresponsible humans can be. Of course, some are not just irresponsible and act deliberately. According to a 2017 Kaspersky report, around 5% of all cyber security attacks were carried out by internal staff with malicious intent, whereas 23% were due to careless/uninformed employees. But surely you have hired people who you believe are responsible and experienced at their job? Well I should hope so, but when it comes to cybersecurity a lot of people are uneducated on the issue.

Careless/uninformed staff

This may be the result of a lack of training, or by copious amounts of pages containing regulations and rules concerning cybersecurity that a) your employees do not want to read and b) if they do, it is too technical to actually comprehend. This lack of knowledge can cause a great deal of damage to your organization. Just under half of cybersecurity attacks in 2016 were contributed to by careless/uninformed staff. Additionally, 53% of malware attacks were also due to contributions by careless/uninformed staff.

But carelessness is not your only problem. Those pages and pages of regulation I mentioned? This might be the reason your organization is being attacked. A paradox at first glance, but overwhelming staff with regulation can scare them into hiding incidents due to fear of being reprimanded. 40% of businesses around the world have employees which hide an incident when it happens meaning you won’t know about it until you need to know about it and, by then, it might be too late.

BYOD Policy

But no, you tell yourself, you are a cool boss who is relaxed and doesn’t overwhelm your employees. In fact, you’re pretty lax and even allow them to use their own devices. Rooky error. This is a key vulnerability within your organization. Numerous incidents occur because of BYOD implementation. For instance, the lack of control on your employees’ devices, lost devices, sharing company data and information and the list goes on. Sure, allowing your employees to use their own devices might be appealing as it cuts costs for you, but in the long run the cost of data breaches might be much more than just suppling the organization with devices.

Increasing security policy enforcement

So how can you combat this? You can’t fix someone’s brain to be less careless. Ah if only we could…the world would be a better place. But you can increase security policy enforcement. With only 44% of companies having their employees following their security policies properly, there needs to be action taken to increase this number. Train, train, train and train again.

Your employees probably don’t even know the extent of the damage they can do to your organization. Let them know just how scary they can be! But because we can’t always rely on other people, an alternative, which is favored by 43% of businesses, is to use more sophisticated IT security software. Yes, another hole in your wallet. But at least you can put a price on it. What is the price of your security being breached? That’s right, you can never know until it happens, so it’s probably better to prevent it than to mitigate it.

HAC-1 to the rescue

Sepio’s Hardware Access Control (HAC-1) provides a solution to this problem. HAC-1’s capabilities have resulted in a real-life use case where a client used the software to find a loophole to the issue at hand. HAC-1 provides organizations with complete visibility of all hardware assets within their infrastructure, including remote devices. In doing so, HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known vulnerable and Rogue Devices. Additionally, the solution allows the system administrator to define a strict, (more granular), set of rules for the system to enforce.

When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved, or Rogue hardware, provided the software is in ARM mode. This is where the loophole comes in. With these administrative benefits, our client blocked all peripherals by setting the solution in ARM mode for the specific employee’s, or should we say ex-employee’s, device. Doing so rendered the machine useless. So whether they were a malicious actor or just a careless one, there were zero risks of a hardware attack originating from their device.

The Human Risk

Sepio’s Hardware Access Control HAC-1, provides 100% hardware device visibility.

HAC-1 enables Hardware Access Control by setting rules based on the devices characteristics.

HAC-1 instantly detects any devices which breach the set rules and automatically block them to prevent malicious attacks.

Cybersecurity predictions for 2022 is crucial to keep a proper cybersecurity posture.

The idea is to Verify and then Trust that those assets are what they say they are.

Sepio’s HAC-1 brings the ultimate solution to zero trust adoption by providing 100% hardware device visibility.

With greater visibility, the zero-trust architecture can grant access decisions with complete information.

Thus, enhancing the enterprise’s protection within, and outside of, its traditional perimeters.

The human risk is crucial to address, and Sepio’s Hardware Access Control capabilities of HAC-1 avoid this risk.

HAC-1 stop an attack at the first instance, not even allowing such devices to make network access requests.

HAC-1 is here to protect Government Agencies and the nation’s critical infrastructure

Embracing Cybersecurity Predictions is key.