Featured Image

Cybercrime is an Inside Job

One of the biggest threats to a company’s cybersecurity is its employees. Promoting cybersecurity means focusing on reducing human error and promoting cyber hygiene.
Aug 01, 2023

Your biggest cybersecurity threat is you. You and all your fellow humans. To protect your company from cybercrime, you have to focus on reducing human error. There is a lot of room for improvement.

According to Verizon’s Data Breach Investigations Report, a staggering 74% of cybersecurity breaches are driven by the human element. Criminals are cashing in on the vulnerabilities caused by the human element through a process known as social engineering.

Understanding Social Engineering

Social engineering is the act of manipulating people into doing something they may not want to do. Cybercriminals work to get users to divulge confidential information that can be used to commit various crimes — from information mining to complete system takeovers for ransom. The vast majority of social engineering attacks begin with email phishing.

Phishing isn’t new. We’ve all been offered a fortune from a long-lost foreign relative who just needed our bank account number. Unfortunately, phishing has gotten more customized and complex over the years. Often, attacks now come from a “friendly source” — which might include an email address you think you recognize or a company name that looks familiar (sometimes with a slight misspelling). And, as always, the attacks play on human emotion to get people to act without thinking.

Artificial intelligence is also being deployed to make phishing emails more real and sophisticated. Tools like ChatGPT help criminals ensure that their emails use proper English and sound convincing.

In the face of increasingly sophisticated, nebulous criminals, what can you do? A lot. Start here.

1. Prioritize real threats.

You don’t need to create dramatic scenarios or once-in-a-lifetime breaches. Real security threats are happening every day — likely to you. Most security threats come in through email. If you’ve got email, you’re a potential risk. Make sure you are using multifactor identification for email. Utilize the security tools that are built into G-suite and Office 360. Use antivirus software and keep systems updated.

2. Focus on awareness.

No matter how much you prioritize, there will still be cyber threats, and some will get through. Now, you need to minimize risk by focusing on awareness. User education is key. Teach users to spot phishing threats — and report them. Phishing simulation tests are a great way to prepare employees. People still fall for scams that make them feel fearful or curious. Make sure staff at every level know that email is not innocuous.

3. Train, train, train.

Cybercrime is now offered as a service — meaning that professional hackers and scammers are working full time to bait, switch, and trick. Small to medium manufacturers in particular have to prioritize cybersecurity training because a single attack could damage or even eliminate their business.

Employees need to receive regular training. Security awareness training providers make the cybersecurity training process more dynamic and engaging — making it more likely to work. Even after training, you will likely have some outliers who will click on bad links but bringing that number way down will go a long way toward protecting your business.

4. Build (and encourage) good cyber habits.

Most people already have bad cyber hygiene. They don’t use strong passwords. They don’t use password managers. They click ALL the links or open the attachments in their emails. They don’t report suspicious emails. Now it is time to build good cyber habits.

Teach employees the why and how for cybersecurity. Educate them on building stronger passwords and using password managers. Show them what a healthy skepticism of email looks like. Help them to understand why reusing the same password all the time will lead to a quick data breach. Building a habit takes time and practice. Start to foster a security culture through strong leadership, training, and frequent reminders.

With time and practice, it is possible to clean up your cyber act and stop cybercrime — from the inside.

Benjamin Moses
Director, Technology
Recent technology News
Collaboration = manufacturing. Check your chips. Who doesn’t like new materials? 5G in manufacturing. We are living in the future.
Meta manufacturing. Modest comeback in factory jobs. 5G-enabled students. Augmented reality isn’t dead yet. Bing is back.
Check in for the highlights, headlines, and hijinks that matter to manufacturing. These lean news items keep you updated on the latest developments.
Challenges faced by manufacturers. No more greasing ball bearings??? In-field inspection. Making additive more better. Automating customers.
Lean leadership. Manufacturing: there’s an app for that. Reshoring is real. Shrinkflation fit tooling. What do you call a hedgehog with ADHD.
Similar News
By Benjamin Moses | Aug 29, 2023

Episode 101: Ben and Steve discuss the precision and accuracy of “just eyeballin’ it” and torque wrench etiquette. Benjamin gets in-depth on cold spray additive manufacturing.

20 min
By Bonnie Gurney | Sep 12, 2023

Registration has opened for IMTS 2024 – The International Manufacturing Technology Show, taking place Sept. 9-14 at McCormick Place in Chicago.

5 min
By Douglas K. Woods | Jul 29, 2023

While it might seem that pursuing ER&D during a downturn would be unsustainable, it is actually a sensible approach. Let’s face it: When you’re busy, you’re not likely to have your people do anything other than focus on their main tasks.

5 min