At MEF Connects Cyber Security, Bechara Kaddoum, Cybersecurity Business Executive for EMEA & APAC at Telefonica Global Solutions, gave a presentation on the importance of remembering the human element of cyber security. Here he shares his key takeaways on why this is even more essential in the post-Covid landscape.
The Covid-19 pandemic drove exponential growth in cyberattacks, as most companies had to move to the cloud in response to the restrictions imposed by governments around the world.
Adversaries are constantly changing their tactics, techniques, and procedures, creating an unpredictable cyber threat landscape and making the associated cybersecurity risk a significant concern for companies. According to Cybersecurity Ventures, the cost of cybercrime is expected to reach 10.5 trillion dollars by 2025.
Cyberspace, like Covid-19, is undoubtedly unpredictable by nature, and the VUCA acronym (“Volatility, uncertainty, complexity, and ambiguity”) helps explain it. VUCA discusses systemic and behavioral failures, which are characteristic of organizational failure. Operating in this VUCA world requires building a cybersecurity approach and practices around proactivity. Technologies are needed to keep the highest level of security around the borders, but people are the weakest link, and they need to be trained and prepared to face the adversary.
Kevin Mitnick, the world’s most wanted hacker, says: “Social engineering bypasses all technologies, including firewalls.” This is why simply “locking down” a security infrastructure can’t work; a human firewall is needed to protect the organization.
The biggest driver behind VUCA is technological innovation, bringing new efficiencies and a richer experience but also a gap between human comprehension and innovation, which is widening exponentially and leading to human errors and social engineering.
Companies usually treat training as a cost on their balance sheet. But just as investment in technologies hardens our security posture and reduces risk, training our people needs to be treated as an investment in better security. To give some numbers, the cost of a data breach caused by human error was 3.33M in 2020, according to IBM.
To conclude, when operating in an uncertain environment, it’s recommended to cover all three pillars: people, process, and technologies. Training is becoming a core defense against hackers and a key element in reducing the risk associated with social engineering. It is worth remembering that the most devastating ransomware attack in history, WannaCry, was caused by social engineering tactics used to get inside organizations worldwide.