I hear this in several conversations with IT and security executives. This generation of technologically aware “kids” are now an integral part of the business community. The existing generation of leaders in business are struggling to properly integrate these people into existing and legacy security and risk frameworks.

The rising number of millennials in the workplace is seen as a major risk because the “youngsters” don’t take cyber security at work seriously enough. They simply do not care!

I am not convinced.

The modern workplace is an interesting place and in my opinion it is very unique. We have three distinct species who have to combine to generate ongoing value for the business. The business operates in and is part of a hyper-connected world and all three of these work species have different knowledge, acceptance and understanding of technologies. Here is my list of these species.

With an ever-changing cyber world, we are constantly needing to change our approach to prevent cyber attacks from happening.  It can help by staying up to date with the latest in cyber criminals methods of attack.

Once detected, our specialists, localise the threat and stop it before it gets to the point of no return. Early detection is the only way to save yourself from data loss, this is why having a multi-layered cyber security defense system in place and the right security partner can save you money, time and stop confidential information being compromised!

In case you are unsure of what a malicious attack is, these types of attacks are attempts to forcefully take control of someone’s computer and gain access to their data through different methods, that once activated, will take the form of executable code, active content, scripts and other software. The different attacks are described by different names, depending on how they are spread through your environment. Some of these are described as worms and trojan horses among many other terms.

We all know somebody who has had their mobile phone stolen. It is not uncommon.

Everybody then simply assumes that this is to fuel a drug habit or to make a few bucks by selling the device. In many instances, this is no longer the case.

There are growing numbers of events where the stolen device is used to empty bank accounts of the individual who has had their phone stolen.

Hackers can bypass the phone’s passcode or other security measures quite easily. They then have access to the device and everything you have saved on it. They have control over your email – allowing for them to change passwords and add authentication credentials such as fingerprints, etc.

With this access they will go into your internet banking apps, create new beneficiaries and empty your accounts. This is a very real threat. It is happening every day.

I know the statistics – I hear the stories – I speak about it all the time.

The Insider Threat is real and most cyber-attacks are a result of someone who is already inside the firewall. The user is the biggest threat to the business. We all know the song.  

J2 Software’s 12 years of insider threat knowledge and intelligence confirms these figures. It is the truth. The trusted user is the one that causes the most damage. It is all their fault so STOP blaming them.

Huh, sorry what now?

Yes, it is time to stop blaming the user. I know this sounds strange, we know that the user is the problem in virtually every breach. I can also confirm that in almost all those cases the breach happens because users either:

1. Have not been shown what to look out for
2. Do not understand the risk
3. Have unmonitored and unverified access to systems

Let me dwell on this for just a second - If a person is not aware that there is a risk, does not know what it looks like and has not been told how to prevent it – why do you still blame them?