In the majority of cases, that will be by design. There’s a saying in the cyber security industry, coined by renowned cryptographer Bruce Schneier: “Only amateurs attack machines; professionals target people.” When it comes to repeating the same process safely and autonomously, machines are less fallible than the average person sitting at a desk. Savvy hackers looking to boost funds from unsuspecting small practices know this. So instead of developing a complex program that dances around the security measures baked into sophisticated modern technology, they target the hapless folks on the other side of the screen.
The strategy works disturbingly well. According to IBM’s 2018 X-Force Threat Intelligence Index, more than two-thirds of firm records compromised in 2017 were due to what they call “inadvertent insiders” – employees who left the front door wide-open for the bad guys without even realising it. Negligence, lack of awareness and sheer bad luck put the best-laid plans to shame on both sides.
But how does it happen? There are three primary causes of employee-related breaches, each of them contributing to a sizable portion of hacks across the country.