Creating a culture of security to defend against social engineering attacks


The Fifth Annual Benchmark study on Privacy and Security of Healthcare Data by Ponemon Institute has recently revealed what others have long perceived: There has been a shift in the root cause of data breaches from accidental to intentional. While 90% of healthcare organisations represented in the study had experienced a data breach, for the first time, criminal attacks are the number one cause of these breaches.

Criminal attacks are highly targeted. When it comes down to it, attackers will stop at nothing to break into an organisation. They will use whatever means necessary to infiltrate, especially if those means are low risk. It’s far easier for attackers to bypass technical controls and exploit human nature to breach an organisation than to compromise a network surrounded by technical controls.

Unfortunately, there is plenty of overlap between the proactive criminal and the unsuspecting employee that really adds fuel to the fire. Despite the balance of breaches shifting to criminal activity, organisations are beginning to recognise the importance of starting with employees first. According to Ponemon’s study, the data backs this up, as healthcare organisations rank employee negligence as a top concern when it comes to the exposure of patient data. Employee negligence goes far beyond the occasional lost or stolen laptop. What about when an employee accidentally discloses confidential data? A whopping 70% of Ponemon survey respondents admitted that careless or negligent employees are responsible for the most concerning security incidents impacting their organisation, but what can be done to help?

Also, in Australia, the Australian Signals Directorate has openly acknowledged that Social Engineering tops the list of threats to Australian businesses, so it’s a true concern and one that doesn’t have an easy answer…Click HERE to read full article.