Wednesday, November 23, 2016

A 'mole' by mistake

The report of the week

The 70s. George Smiley is a spy who is forced to put an end to his career with the British Secret Services because of a failed mission in Budapest. However, just when he had already accepted his destiny, in the last minute, his boss gives him a new task. And now, discretion will be everything. It is suspected that among the members of the dome there is a mole who is spreading secrets that endanger all their other missions. Who will it be? Smiley must gather information and put all the pieces of the puzzle together to unmask the traitor.

This is the plot of Tink Tailor Soldier Spy (2011), a British espionage film that received three nominations to the Oscars and is based on the homonymous novel by John le Carré. Its structure is quite complex to make the spectators open their eyes widely and pay attention to every single detail, until finally the million dollar question is revealed: the mole’s identity.

We spend so much energy protecting ourselves from external threats, from the competitors and cyber-attacks, that we don’t care so much about who we have in the company. What would happen if one of our employees, either out of ignorance or perhaps with treachery, opened the security barrier and let our confidential information escape? Without wanting it or not, he or she would be a “mole” that could endanger our most precious assets: our data.

But one thing is to be a mole with knowledge, with a purpose, and a very different thing is to be just a careless employee. The point is that no one wants to have one in their organization. A recent survey by Kaspersky Lab, conducted among 4,000 companies in 25 countries in 2016, has found out that one of the main causes of the success of cyber-attacks in enterprises is because of their most important asset: their employees.

For eight out of ten companies, data protection is the main area of concern. And six out of ten typical vulnerable areas are directly related to this fear of losing data. Nonetheless, it is surprising to see that only half of the surveyed companies acknowledged that their computer systems could be compromised in the future and, consequently, they would take precautions when the time comes. This means: only 52% would take preventive measures. 48% would not do anything or at least haven’t thought about the possibility.

In the last year, globally, 43% of the businesses have experienced data leaks as a result of a data breach. Two of the most serious causes are: firstly, the oversights of employees who are poorly trained in cybersecurity (59%). Secondly, phishing and social engineering (56%), the art of hacking humans.

The Kaspersky Lab survey shows that cybercriminals are getting into corporations thanks to uninformed employees. Bosses should take this fact into account and ensure that their workers learn the company policies and procedures to avoid several safety threats such as downloading viruses, clicking on unsecure websites, get infected with malware or respond to a fraudulent email. In other words, we could say these employees are also “moles”, but in the sense of their poor sight, by being half blind and not being able to see the trap coming.

However, the big surprise of the survey is that the least secure and most frequent point is the inappropriate use or exchange of data through mobile devices, with 54% of businesses recognising not knowing how to deal with this threat.

“The survey results indicate the need for a different view on the growing complexity of cyberthreats”, said Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab. "The key point is to take care of the biggest vulnerability: worker’s carelessness and their exposure to data". These challenges can’t be addressed by technology or algorithms, they require a better awareness of employees and training in order to make them understand the risks.

If you don’t want to reveal the secrets and confidential information of your business, you have no choice but to become George Smiley and hunt the mole (if the mole is truly a spy). Or teach your employees to stop being “little moles” of cybersecurity and teach them how to pay attention and open their eyes every time they connect their computer at the office, so they can detect any threat, malware, phishing attack or trick from the outside.

Image source: 
Film poster Tink Tailor Soldier Spy


Post a Comment