Why Human Behaviour is both a Cyber Threat and a Cyber Defence

The digital divide in cyber security is human. When we fail to acknowledge the reality of human behaviour, how people typically work, day to day, we risk undermining the progress of cybersecurity technologies and email is often the Achilles’ heel, explained Dave Adamson, CTO at Espria. According to the Mimecast state of email security 2023 report, phishing attempts soared by over 60% YoY.
Whilst collaboration tools like Teams and Slack are commonplace, they’re yet to universally replace email, which remains the primary way most businesses communicate internally and externally. Email is also a vulnerable target for cybercriminals due to its accessibility and the potential for human error. Consequently, email is an effective tool used by cybercriminals to spread spam, attempt phishing attacks and send attachments and links that automatically install malware on a user’s device.
According to the Mimecast state of email security 2023 report, there were an estimated 255 million phishing attempts in 2022, a 61% jump over the prior year, indicating the increasing popularity of this method of attack. Businesses are increasingly at risk if they fail to fortify their policies and their technology. Many large enterprises have sophisticated cyber defence systems in place together with other resources; small and medium-sized enterprises (SMEs) often lack the internal resources and must rely on external partners who are dedicated to foreseeing the next trend in cybersecurity attacks and identifying weak spots in IT systems.
Email security must be a priority in an organisation’s cyber safety measures, including email encryption, multi-factor authentication, and regular updates to anti-malware software.
Considering the human element to organisational cyber resilience, communications and policies are paramount. It’s simply not possible to over communicate and repetition is key; the same cyber-attacks methods, like phishing emails and malicious content, have avoided eradication because humans forget, even if technology doesn’t.
Another way in which hackers exploit the fallibility of emails is email account hacking with the intention to steal passwords. This is also often achieved by ‘shoulder surfing’ or hacking into the office network. Once inside, the hacker may be able to impersonate nearly anyone within the organisation, including the company’s CEO, managers and executives posing a huge reputational and financial risk.
Comprehensive security measures are therefore crucial for businesses to protect employees and devices. Two-factor authentication, for example, can make it more challenging for hackers to steal employees’ passwords. However, there have still been cases where users pass multi-factor authentication credentials without realising their network is compromised. Organisations can also deploy privileged access management (PAM) to reduce risk.
Why human behaviour is both a threat and a defence
While these tactics can offer protection to a certain extent, various security issues and costs are still related to deploying these technologies. Therefore, the key to a company’s defence strategy must be detection. This, in practice, means that when someone accesses your account, atypical behaviour is spotted immediately so that appropriate action can be taken.
While most security approaches focus on protecting an organisation’s network infrastructure, attention is rarely paid to staff and end users. Although the security of the network and connected devices play a significant role in an organisation’s overall security, engaging users with the general safety of the entire organisation can play a critical role in building robust cyber defences.
The people within organisations should be provided with comprehensive training and easy-to-understand information, empowering and enabling them to identify breaches instantly. When an account or application is accessed unusually, the user knows whether they are responsible for this behaviour change. In addition, the user knows if an attacker has breached the system. For example, if an additional user is added to an account, documents could be shared with unauthorised charges or outside the network. In addition, rights could be granted to other unauthorised users. In this instance, the account owner would know whether or these are legitimate actions, potentially indicating that an account has been compromised.
Ongoing cyber security education and training also empower users to monitor their accounts, devices and other company assets. A user-centric approach is the only way to speed up security breach identification and ensure a quick response to resolve issues. Data security is everyone’s responsibility.
To read more about our Cyber Security solutions please click here.
You may be interested in
Businesses are losing money and jeopardising security to IT sprawl and quick fixes, says Espria
IT Leaders must take action on unchecked technology sprawl and shadow IT that are draining budgets, increasing cyber risks, and complicating their digital environment. According to a recent study, budgets towards insider risk management have doubled in the past 12 months, with 81% of business leaders looking to secure their internal business infrastructure as geopolitical tensions escalate and remote workforces become the norm. ‘Digital transformation ushered in new possibilities and solutions for computing, but it also introduced a potential for sprawl that burdens IT teams everywhere,’ said Brian Sibley, Virtual CTO at Espria. ‘When faced…
Espria launches Espria Connect, enhancing Microsoft Teams with Advanced Unified Communications
The new product, Espria Connect, isn’t just another telephony solution. It’s a game-changer, offering a cost-effective, scalable, and secure telephony solution for SMBs, mid-market and enterprise customers. Combining the power of Microsoft Teams with Cloud-Based Unified Communications, Espria, the leading managed services provider, is excited to introduce Espria Connect. This powerful solution streamlines business communication infrastructure and addresses the growing demand for a unified communication solution that supports hybrid work environments. Designed for businesses of all sizes, Espria Connect allows users to manage voicemail, make and receive calls, and access a diverse range of other…
Reimagining education: How AI is changing the way we teach, learn, and collaborate in schools
Technology has long been used by educators to support teaching and operations, facilitating staff with a wide range of platforms and resources. A particular tool that has sparked both controversy and curiosity is the inclusion of artificial intelligence (AI). A study by BCS, the Chartered Institute for IT, found that most teachers are reluctant to use AI for pupil learning with 84% of educators not changing the way they assess their students’ work. This comes after Ofsted recently launched an independent review on the use of AI in schools and how to develop the understanding of…
Espria launches CSP renewal assessment service
Leading managed service provider launches new service to address the costs associated with software sprawl, helping to drive down OpEx as businesses increasingly feel the financial squeeze. Espria, a leading digital solutions provider, has launched a free M365 Licence Assessment programme to help businesses save costs by reviewing existing licence estates and identifying those licences not in use or no longer being utilised. With Microsoft recently changing how they sell and structure licenses, businesses must now reassess their current M365 licenses, looking for ways to reduce costs and keep the capabilities they need as they…
Your guide to leveraging NCE pricing to get the best value
Renewing your Microsoft Licensing Agreement is an opportunity to align your IT strategy with your business goals. It allows you to take advantage of the latest technologies, optimise costs, and ensure compliance with industry standards. While this might seem straightforward at first glance, to achieve the best value and biggest discounts, it’s often more complex than it appears and navigating the renewalprocess requires careful planning. In this Blog we will walk through what you need to know about the new Microsoft Licensing rules,when to get the best value from your renewal, and how to review…
Loving your customers with AI, cybersecurity and peace of mind with MSP support
2024 has marked a massive shift for SME IT needs, as creating an appropriate and optimised business strategy has become an increasingly difficult challenge for business owners and IT operators nationwide.