Cybersecurity experts from NordLocker, part of Nord Security, reveal that employees from certain departments are much more lucrative targets for cybercriminals than others. With human error being the reason behind a whopping 82% of data breaches, employees are the weakest link when it comes to organizational cybersecurity.
“From receptionists to the C-Suite, every employee should be treated as an important chess piece when it comes to cybersecurity. But cybersec training and tools should be based on equity, not equality, and tailored to each department and role because exposure to outside threats and access to certain types of information varies greatly inside every company,” says Oliver Noble, a cybersecurity expert at NordLocker.
According to Oliver, these departments are most at risk of being hacked; and here’s why:
The Marketing Department
With marketers being the company’s outward-facing voice, they are some of the easiest targets for cybercriminals, according to Noble. More often than not, the email addresses and other contact information of marketers are out in public and easily accessible, which makes them a low-hanging fruit for hackers to leverage in their next phishing attack.
People working in marketing are also much more likely to fall for a phishing attack by clicking that malicious link or downloading the suspicious attachment. Because marketing departments are very likely to work with third-party vendors, receiving emails from outside sources is often a part of their routine, making it easier for a phishing email to blend in. And it only takes one slipup for malware to make its way into the network.
The C-Suite
The highest-ranking executives are an obvious choice for cybercriminals. They are usually the ones to have unrestricted access to the most sensitive company files, which if accessed by a person with bad intentions, could spell doom for the company’s future.
However, most often, it is not the executives themselves that let malware into the network, because their access points and contact details are protected by additional threat mitigation measures compared to the average employee. That cannot, however, be said about people in their closest circle, such as their assistants, which often have similar, if not the same, access credentials to internal documents but lack the same cybersecurity measures as their boss.
The IT Department
The IT department often has wider access to the most critical business data when compared to other branches, including important credentials, and encryption keys, which makes them exceptionally lucrative targets for cybercriminals. Apart from that, people working in IT are responsible for handling the entire company’s digital infrastructure, which if exposed to hackers, could shut the entire company down and hold it hostage in a matter of minute.
Download: Creating a Ransomware Response Plan
How to safeguard your business from a cyberattack
According to Noble, people can avoid many data breaches by following these steps to improve cybersecurity:
- Encourage cybersecurity training. Investing into your employee’s knowledge is one of the fastest ways to prevent a cyberattack from happening in the first place. It should be organized regularly and have a holistic approach that covers every single employee.
- Adopt zero-trust network access. The mindset of “trust none, verify all” is based on the zero-trust paradigm and is applied through identity authentication to access work equipment and resources, network segmentation and access control management.
- Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution.
- Enable multi-factor authentication. Known as MFA, it serves as an extra layer of security. It is an authentication method that uses two or more mechanisms to validate the user’s identity – these can be separate apps, security keys, devices, or biometric data.
Leave a Reply