
Cybersecurity is inherently technology-based, leading most people to believe technology is the best defense against cyber threats. While technology may be a key component in securing data and businesses, the reality is that most reported cyber incidents, last year and every year, resulted from human mistakes. Since 2006, organizations in North Carolina have reported more than 12,000 security breaches to the state Department of Justice. Email phishing accounted for the majority of security breaches.

The People Problem

A quick look at the graphic provides some interesting insights:

  • Hacking and phishing are the leading causes of breaches
  • Roughly 1,900 breaches were reported (many others were undetected or unreported)
  • Those ~1,900 breaches impacted more than three million North Carolinians
  • Ransomware accounted for nearly half of all violations in NC last year

What can we take away from this? People are the primary driver of attacks and the primary attack vector. Hackers have many hacking techniques, but they always go for humans. Why break into Fort Knox when you can send an email and demand they give up all the gold or else?

Some steps we can take to mitigate the people problem:

  • Mandatory cybersecurity training for all employees
  • Regular updates/patches of all systems
  • Conversations and reminders that phishing awareness is everyone’s responsibility, not just the IT department’s
  • Posted warnings/reminders about phishing
  • Share information about possible phishing emails/texts/calls
  • Annual phishing training/exercises

Although phishing and ransomware will continue to plague small businesses, there are easy, affordable ways to secure a business. Don’t wait until it’s too late; take action today. Will your people be your greatest asset against cyber threats or your greatest cybersecurity weakness? You decide.

About the Author
Brian Vinga is an instructional designer in the professional learning and instructional design unit for NC State University Industry Expansion Solutions (IES). Brian has worked as an adult educator, trainer and instructional designer for more than eight years. Brian has taught a variety of certification and professional development courses at the collegiate level as well as in collaboration with the United States government. Brian is currently certified in CISSP, CompTIA Security+, CompTIA A+, CompTIA Network+ and CompTIA Cloud Essentials. He is a Microsoft Certified Professional, AWS Solutions Architect and an AWS Cloud Practitioner. Brian is also currently pursuing an M.S. in education from NC State University. Outside of work, Brian enjoys hiking, sports and spending time with his family.