Technical prevention of cyber-attacks is improving all the time, thanks to the increasing number of security features on today's laptops/PCs. As a result, cyber-attacks increasingly target users. Countering this means a change of culture to make staff more aware of cyber security. Several international companies are finding that the way to do this is to show their people how to protect themselves and their family at home, so they bring the same attitude to the workplace.
“People patching” is one of those terms that immediately makes you touch the back of your neck in search of a microchip.
But there’s no need to worry. It’s actually referring to the fact that people gradually forget about the cyber security best practice you drum into them at training sessions. You have to remind them regularly, just as you need to update your systems to keep up with new threats.
It’s a term that’s come about because people are now front and center as a major vulnerability in any security deployment. It’s always been true that people are the weakest link, but the threat grows as we all get more and more digital.
The logic goes like this: hackers and intruders use technology to attack business systems. In response, organizations improve their own tech-based defences to make it increasingly difficult for an attack to get through. What does a smart cybercriminal do? Forget the direct route and go through the people instead.
If you want objective evidence, Kaspersky’s IT Security Practical Guide tells us that 48% of data breaches originate from human error.
For good measure, Verizon’s Data Breach Investigation Report for 2019 adds:
‘18% of people who clicked on test phishing links did so on mobile devices. Research shows mobile users are more susceptible to phishing, probably because of their user interfaces and other factors.’
Phishing in particular is the classic people-centric technique, especially when the attack can look like an internal email from your boss. And no matter how diligent your employees may be, they simply can’t be on watch the whole time.
The drowsy browse through the morning inbox is a prime opportunity to catch people with their phishing antennae down. To make things even trickier, that same human complacency gets even worse when there’s been nothing untoward for a couple of months.
All of which makes regular people patching a high priority for your cyber security planning. But people are not like anti-virus solutions that meekly accept updates every week. You need a more subtle approach to get through the noise of the daily workplace distractions. In their minds, security has to be more than a bureaucratic box to be ticked.
One enlightened approach is to make it personal. Offer training or advice to employees about protecting their home networks. Free expert advice could be a real perk, especially for people with children, with all the concerns about what their offspring are up to online.
Another highly effective technique is to conduct a simulated attack to make the threat real to people, without the risk of actual harm. In some instances, the surge of relief when you discover that you’re not the person that broke the network can teach you more about IT security than any number of technically dense slide decks.
The human factor is also why technologies such as Lenovo’s ThinkShield portfolio of secure Think devices, software, and services are designed from first principles to make security as unobtrusive for users as possible.
If things just work quietly away in the background, there’s less danger that someone who thinks they know better will try to tinker with their device and switch bothersome security settings off.
Life, and especially working life, would be dull if people were totally predictable and compliant with every rule handed down to them. That kind of blind humility is particularly counter-productive if you want to drive innovation.
Nevertheless, there are times when you need them to fall in line and embrace the constraints of corporate policy. So when you want to patch your people, you need to make sure that they understand the benefits not only to the organization, but also to themselves.
Because with the consequences of a breach potentially running into millions, security is one of those areas where compromise is not an option.