Humans are the weakest link in the cybersecurity chain
Why do our defences keep coming up short? As any cybersecurity expert can attest, when it comes to protecting our data from a skilled and determined attacker armed with the latest technology, our cybersecurity infrastructure is only as strong as the weakest link. And, unfortunately, the weakest link is us, the people behind the screens and keyboards. This explains why phishing attacks, in all their many guises, are one of the top threats organizations face, regardless of size or sector. Research consistently demonstrates that human error is responsible for the vast majority of successful cyber breaches.
Often a single successful spear phishing email is enough to compromise the data of an entire large organization. When an employee is duped into clicking a bad link in what seems to be a legitimate email, the hacker can install malware on the victim’s device, which then quickly replicates and spreads throughout the organization, eventually giving the hacker access to critical IT systems and data stores. With the rise of ChatGPT and other generative AI tools, hackers are better equipped than ever before to quickly generate highly persuasive phishing emails, a fact that 58 per cent of organizations say they are increasingly concerned about.
The good news is that people can be trained to sniff out and steer clear of suspicious communications and other threats. Investing in cybersecurity awareness training and making it mandatory for all employees can go a long way towards reducing risks and creating a strong culture of cyber awareness in the organization. Increasing the frequency of awareness training is particularly important for helping employees keep pace with the rapidly evolving cybersecurity threat landscape.
Look to low-friction solutions for hardening cybersecurity defences
Aging technology is another factor that can significantly raise the cyber threat level for Canadian organizations. Over one-third of cybersecurity professionals (37 per cent) say their organization relies on technology released prior to 2010, while another 20 per cent report using systems released between 2000 and 2009.
In some cases, these risks can be mitigated by upgrading or replacing aging systems. However, in certain IT environments, such as those found in the power distribution industry, critical operational systems and infrastructure often can’t be altered, updated, or even rebooted because the costs of downtime are too great. For these systems in particular, the introduction of low-friction cybersecurity solutions can strengthen an organization’s defences. For example, a network or DNS firewall that monitors incoming and outgoing traffic for known malicious threats adds an important outer layer of security to even the most aged IT environments, one that will prevent outdated systems from malfunctioning when the setup is changed.
Finally, many large organizations rely on their domain names to anchor their online presence. Ensuring that all services that depend on this domain name stay safe and strong is paramount, especially amid the uptick in distributed denial of service (DDoS) attacks that have been launched against high-profile Canadian organizations in recent months. Investing in anycast services is one proven method for protecting against these types of attacks.
Learn how CIRA Anycast DNS can help protect your organization from DDoS attacks.