Cyber security is, in essence, the practices, processes and technologies that are designed to protect data, networks, software, programs and computers from breaches, attacks, damage and access by unauthorized users.
In order to gain access to systems, networks and devices, cyber attackers exploit vulnerabilities in a company’s security armoury. There are three common types of vulnerability, as defined by the UK Government (2015), that a company can be exposed to:
- Flaws in software, network and device design – these are unintentional errors in design that are exploited by attackers. Ensure that proper patch management is in place so that you proactively update software and applications. Updates are released to close the flaws that attackers would otherwise exploit.
- Features – these are elements of software that are intended to enhance user experience but can be manipulated by attackers to breach a system.
- User error – regardless of how well designed the security systems and policies in place within a company are, all of them can easily be undone by user error. User error is still a critical flaw in any cyber security system, which is why policies and training must be in place to ensure that employees are aware of, can identify and know how to respond to a cyber attack.
User error related security breaches continue to rise:
- 75% of large organisations suffered a user error related breach in the last year – up 58% from last year
- 31% of small organisations suffered a user error related breach in the last year – up 22% from last year