With the human element being the reason behind a whopping 82% of data breaches, according to a recent Verizon study, employees are the weakest link when it comes to organizational cybersecurity. Marketing, C-suite and IT department employees are at the highest risk for cyberattacks, according to NordLocker.
Being the company’s outward-facing voice, marketers are an easy target for cybercriminals. Typically the email addresses and other contact information of marketers are available and easily accessible, making them low-hanging fruit for hackers to leverage in a phishing attack.
People working in marketing are also much more likely to fall for a phishing attack by clicking a malicious link or downloading a suspicious attachment. Because marketing departments are very likely to work with third-party vendors, receiving emails from outside sources is often a part of their routine, making it easier for a phishing email to blend in.
The highest-ranking executives are an obvious choice for cybercriminals as they often have unrestricted access to the most sensitive company files, which, if accessed by a bad actor, could create a security threat.
However, because their access points and contact details are protected by additional threat mitigation measures compared to the average employee, it is not the executives themselves that let malware into the network. Rather, it is often their assistants, who typically have similar access credentials but lack the same cybersecurity measures.
The IT department often has wider access to the most critical business data when compared to other branches, including important credentials and encryption keys, which makes IT an exceptionally lucrative target for cybercriminals. Apart from that, people working in IT are responsible for handling the entire company’s digital infrastructure, which, if exposed to hackers, could shut the business down in a matter of minutes.
How to prevent a cyberattack
To avoid data breaches and improve cybersecurity, Oliver Noble, a Security and Encryption Specialist at NordLocker, advises the following:
- Encourage cybersecurity training. Investing in employee knowledge is one of the best ways to prevent a cyberattack from happening. Training should be organized regularly and offer a holistic approach, covering all employees.
- Adopt zero trust network access. The mindset of "trust none, verify all" is based on the zero trust paradigm and is applied through identity authentication to access work equipment and resources, network segmentation and access control management (ACM).
- Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution.
- Enable multi-factor authentication (MFA). MFA serves as an extra layer of security. It is an authentication method that uses two or more mechanisms to validate the user’s identity. These can be separate apps, security keys, devices or biometric data.