UK businesses are being urged to rethink the way in which they strategise to counter the threat of data security breaches as criminals are increasingly looking to target staff as opposed to IT systems.
Accidental data loss occurs with worrying regularity when users store sensitive information on portable storage devices and then proceed to lose them, but now malicious parties are actively looking to exploit human error in engineering security breaches, according to RSA’s Uri Rivner.
Mr Rivner identifies a general lack of awareness amongst staff, many of whom have access to data wherever they go thanks to smartphones and laptops. He says that this makes them ripe for exploitation by criminals who can get viruses and malware onto a portable device used out of the office with relative ease.
Businesses are being forced to count on technology which cannot adequately protect them from the ever evolving threats. By targeting staff with phishing and spam campaigns, criminals can slip into a system via the back door and harvest data with little chance of being detected in the short term, according to Mr Rivner.
Mr Rivner identifies the business dilemma which means that firms cannot protect themselves from such attacks because total security would mean preventing staff from accessing internal systems remotely which would have a negative impact on productivity.
It is said that a multi-tiered approach to data loss prevention and security is the only way for businesses to cope in the current climate, with employee training playing its part alongside improved data sharing and storage technology.
Mr Rivner believes that the ability to safely share data is key to combating the criminals and is something that relatively few businesses can currently claim to adequately manage. Automating security measures may help, but he says that protection must develop organically and must possess the ability to adapt in order to match the increasing sophistication of the attacks.
Over the next ten years, Mr Rivner believes that businesses will be looking to staff in order to form their security strategies, with adequate data protection only possible if the likelihood of human error is minimised.
