A stark reality facing today’s businesses is the never-ending threat to cyber-security and a strategy for how to combat it. An even greater concern is damage to corporate image, consumer trust, loss of revenue, liability to customers, and the ever-increasing statutes imposed by lawmakers and agencies who point the finger at businesses for failure to take responsibility for preventing data theft.
Cyber-attacks are real and occur often in the places we shop, the materials we move throughout factories and nearly everything we take for granted. Incessant waves of computer, server, cloud and mobile hacking have led to compromised data, unwarranted access to private information such as Social Security numbers and bank accounts, and industrial espionage. The number of attacks on companies has become nearly unquantifiable. The Heritage Foundation reported that in 2015, “companies saw an average of 160 successful cyber-attacks per week, more than three times the 2010 average of 50 per week.”1 As early as 2006, Joe McGrath, at the time the president of Unisys, called the security of data and systems processes “an incredible challenge in the global/digital economy.”2 All these years later, this still is true. In fact, it’s become worse.
Yet for inexplicable reasons, businesses give what is little more than lip service when it comes to cyber-security. They tend to overlook vulnerabilities even as the number of mobile devices such as smartphones and tablets that can access data worldwide increases. Too many companies allow employees and associates to access data from either corporate-owned or private devices away from the workplace. Such access, regardless of password protection and, in some cases encryption, is a chasm that provides a huge opening for cyber criminals who are all-too capable of penetrating servers through apps or other stealth measures.
Hackers remind us on a daily basis that no one is totally secure. In fact, it’s a lesson that most businesses should have learned by now. Moreover, for all the emphasis on technology, the weakest link in cyber-security may go beyond technology and have everything to do with people, specifically those who manage and maintain the system. Failure to identify and correct human shortcomings is a flaw that can and most often will render a system vulnerable and likely to be exploited.
Why aren’t businesses giving equal attention to the human element as well as the technological one? Perhaps it’s because they are so focused on stopping external threats that they overlook weak spots in their first line of internal defense—their people.