The Biggest Threat to Your Cyber Security is Your Employees


According to historical claim data analyzed by Willis Towers Watson, 90% of all cyber claims stemmed from some type of employee error or behavior. If you think your organization couldn’t possibly fall victim to a cyber attack, you’re wrong. Cyber attacks can happen to any business. Below are some examples of cyber attacks caused by company employees:

Example #1: Equifax Data Breach

The 2017 Equifax data breach, which exposed the sensitive information of nearly 146 million Americans, happened because of a single employee’s mistake, according to the company’s former executive, Richard F. Smith. Smith told members of Congress that an individual in the technology department failed to heed security warnings and did not ensure the implementation of software fixes that would have prevented the breach. While the total cost of the breach has yet to be tallied, the sheer number of individuals affected demonstrated the need for employee cyber awareness and training.

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May to July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
— Seena Gressin, Federal Trade Commission, Consumer Information

Example #2: Snapchat Data Breach

In February 2016, Snapchat fell victim to a type of phishing scam known as a whaling attack. In the attack, a social engineer with criminal intent posed as CEO Evan Spiegel and sent an email to someone in the social network’s payroll department. As a result, the personal protected information of some 700 employees was released.

The Snapchat data wasn’t stolen by a coding mastermind who penetrated the company’s servers using some unknown flaw. Instead, it was stolen by an attacker who exploited a much simpler, more human vulnerability: trust.
— Andrea Peterson, The Washington Post

Example #3: Chipotle Data Breach

In 2017, a group of cyber criminals in Eastern Europe sent out emails with malware to Chipotle staff. Untrained staff members clicked on the fake emails and inadvertently enabled the hackers to compromise the point-of-sale systems at a majority of Chipotle locations. The hackers were then able to obtain the credit card data of millions of people.

While endpoint security has become a bit of a buzzword as of late, organizations seem to still have a problem understanding that POS systems should be protected in the same way as other types of company-owned devices. Criminals are taking note of this and using these terminals as a way to cause significant headaches and financial losses for businesses of all sizes.

Unfortunately, the dark web and other hacker communities have made it easy for cybercriminals to obtain card-scraping malware and other software that can be used to infiltrate POS systems.
— Champion Solutions Group

Employee error or behavior played a crucial role in these three high-profile cyber attacks. Educating employees and making them aware of potential risks related to cyber security is just one way businesses can help to safeguard protected data. For more tips and training materials related to cyber security, contact us today!

Amanda S