COMP 212 Week 16 Lecture
EMPLOYEE NEGLIGENCE
A CAUSE OF CONCERN FOR CYBER SECURITY
Presented by: Mr. Jayson L. Lagrimas
Credits To: Ms. Jermaine Anne Tarriela
01/21/2021
A Cause for Concern Employee Negligence
The Number One Cause
• A lack of awareness or negligence regarding
cybersecurity among staff can lead to dramatic
consequences for the organization.
• According to a report published by Carmen Reinicke
in 2018, a study found that the biggest cybersecurity
risk to US businesses is employee negligence.
• Employees who are not properly trained in
cybersecurity attract hackers, who compromise them
to obtain sensitive information.
HUMAN ERROR
• Just like any other industry, cybersecurity is
subject to human error. Negligence is a human error:
any unintended or accidental action. It is
emerging as one of the prominent causes of
security incidents.
3 Types Of Employees That Can Cause A Data Breach
INNOCENT ACTIONS
• When it comes to data breaches, innocent workers
can cause as much damage as malicious hackers.
Employees' lack of knowledge and competency
is a serious threat to information
security. Sometimes an innocent action has
major consequences and poses a grave threat.
Careless or negligent?
• This is an employee who does not care about
his/her information being compromised, or who
does not take immediate action to manage
information. This is a recipe for disaster
which will lead to the company losing millions in profit.
MALICIOUS
• Unfortunately, alongside human error, malicious
actions by employees also play a part in insider data
breaches. Employees with the knowledge and intent to
compromise information are very dangerous; they are
actually more dangerous than external threats or
hackers. In some cases this leads to company
espionage and a trade war of information.
Example
Threat and Impact of Negligence
• System misconfigurations, poor patch management
practices, and poor password management
practices are a few examples of unintended mistakes
that even highly skilled system and network
administrators commit. To guard the security
infrastructure, organizations can put numerous
security controls in place and maintain continuous
controls and compliance.
5 Common Forms of Negligence by EC Council
1. Falling for Phishing Attacks
• When an employee opens an email containing malicious content
• How to Avoid
• Establishing a security-centric culture is more beneficial than
merely talking about the importance of cybersecurity at the time
of hiring.
• Regularly running phishing simulation tests helps employees
follow pre-defined security policies. It also helps you
identify high-risk users so that you can work with them
individually.
• Implementing filters and anti-spam tools creates a safer
environment for the employees.
2. Poor Password Practices
• Poor password management by an employee, or a
lack of it altogether, is a risky practice. This can lead to
sensitive information being compromised.
3. Incorrect Management of Privileged User Accounts
• High-privilege accounts are sometimes poorly managed,
often because of the lack of experience and technical
expertise of privileged account users. Such practices
make admin accounts an easy target for cybercriminals.
Once the accounts are compromised, attackers can bypass
secure networks to access sensitive data.
How to Avoid
• Restricting all accounts to least-privilege features
minimizes the risk of admin credentials being compromised
and sensitive data then being lost to cyber attackers.
• Making high-privilege features available on an “as-
needed” basis instead of granting a few accounts all
the administrative rights.
• Using multi-factor authentication limits unauthorized
users' access to data.
• Limiting admin accounts so that they can
alter/access only a few specific sections of the entire
infrastructure.
4. Unauthorized Users Having Access to Corporate
Devices
• When employees let their friends and family members
access their employer-issued devices, these unauthorized
users get access to sensitive data and can also
download malware by mistake.
• How to Avoid
• Enforcing a detailed security plan that states dos and don’ts.
Team leaders must actively participate.
• Ensuring corporate devices require two-factor
authentication to access any sensitive data. Use proper
security controls to implement this.
5. Misdelivery
• Employees sending sensitive
information to the wrong recipients falls under the
category of “misdelivery.” This is one of the most
challenging errors to avoid.
How to Avoid
• Enforcing encryption can help against accidental
disclosure.
• Using pop-up dialog boxes will help remind senders
to double-check the recipient’s address, especially
when sending sensitive data.
• Using Data Loss Prevention (DLP) solutions can help
limit information leakage when data are sent out of
the corporate circuit.
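
A sketch of the pre-send reminder and DLP-style check listed above, as an added example that is not part of the original lecture. The corporate domain, approved-contact list and sensitive-data patterns are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email.utils import getaddresses

# Constructed values for illustration; a real deployment would load these from policy.
CORP_DOMAIN = "example.com"
APPROVED_CONTACTS = ("maria.santos@example.com", "billing@partner.example")
SENSITIVE_PATTERNS = {
    "card-like number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "confidential marking": re.compile(r"\bconfidential\b", re.IGNORECASE),
}


def sensitive_hits(body):
    """Names of the sensitive-data patterns found in the message body."""
    return [name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(body)]


def near_miss(addr):
    """Approved contact that addr closely resembles without being equal (likely typo)."""
    for known in APPROVED_CONTACTS:
        if addr != known and SequenceMatcher(None, addr, known).ratio() >= 0.9:
            return known
    return None


def presend_warnings(to_header, body):
    """Warnings a mail client could show in a confirmation dialog before sending."""
    warnings = []
    hits = sensitive_hits(body)
    for _name, addr in getaddresses([to_header]):
        addr = addr.lower()
        domain = addr.rpartition("@")[2]
        suggestion = near_miss(addr)
        if suggestion:
            warnings.append(f"{addr}: not an approved contact, did you mean {suggestion}?")
        if hits and domain != CORP_DOMAIN and addr not in APPROVED_CONTACTS:
            warnings.append(f"{addr}: external recipient, message contains {', '.join(hits)}")
    return warnings


if __name__ == "__main__":
    # Constructed message: one mistyped domain, one approved external contact.
    to = "Maria Santos <maria.santos@exampel.com>, billing@partner.example"
    for line in presend_warnings(to, "CONFIDENTIAL: Q4 payroll figures attached"):
        print("WARNING:", line)
```

The mistyped address triggers both the "did you mean" reminder and the external-recipient warning, while the approved partner address and internal mail without sensitive content pass silently.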
References
• https://www.insurancejournal.com/news/national/2017/03/01/443270.htm
• https://armis.com/wannacry/
• https://www.cygnussystems.com/three-ways-your-employees-will-invite-hackers-into-your-network/
• https://news.bloomberglaw.com/class-action/capital-one-hit-with-first-class-action-over-security-breach
• https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf
• https://www.proofpoint.com/us/resources/white-papers/user-risk-report
• https://blog.eccouncil.org/negligence-the-number-one-cause-leading-to-cyberattacks/
• https://www.welivesecurity.com/2017/05/26/3-types-employees-cause-data-breach/