Your most valuable asset has nothing to do with the information or data you store; rather, it lies within your human resources departments – which may also be your greatest weakness.

Weaknesses

Cybercriminals don’t sleep. Nope. In fact, it’s when we sleep that cybercriminals are the most active! There is a good stretch of time during which they can cause significant damage before we rise to start our day, much less notice. While the rest of us are sleeping, cybercriminals are like attendees at an all-night rave with glow-in-the-dark colors splashed about the otherwise-pitch-black room, in the form of paint, black lights, and glow sticks worn by the party goers. Loud music pumps up the energy well into the wee hours of the morning, until just before Average Joes rise at the sound of their alarm clocks to prep for the workday.

Unlike the revelers at the rave, cybercriminals – hackers – aren’t dancing the night away in black leather and copious amounts of hair gel, although we can’t guarantee their wardrobe or style choices. What we can guarantee is their activity: seeking a network with even the tiniest cybersecurity vulnerability, which they plan to exploit to their every advantage. This is where your greatest asset comes in: human resources. These human resources are not the team members who oversee onboarding, payroll, benefits administration, or anything like that. We literally mean the resources on your staff that are human! The people who get the daily tasks done are an organization’s greatest asset, even more so than the most dedicated and loyal customers who spend the most money.

Think of these human resources like cheerleaders in a human pyramid: the company is only as strong as the weakest link. This group of individuals is the frontline of defense when it comes to a network’s cybersecurity, and no individual is foolproof. That’s the goal of any hacker, to find that one email address or Internet user that isn’t as solid on defense and wriggle inside with covert tactics.

Most professional organizations install some form, or multiple forms, of antivirus protection at the user-level, as just one of the methods to safeguard against cybersecurity vulnerabilities. End-user antivirus software has remained one of the most effective and reliable methods to protect against infiltration, but antivirus programs have three major faults:

  • Antivirus programs are only as “good” as the programmers that designed them.
  • Antivirus programs are only effective when installed and used properly by the end user.
  • Criminals don’t follow the rules.

That last part is the most important of everything you need to keep in mind for your cybersecurity needs. Hackers have their own set of rules, and those rules change faster than anyone can keep up – including antivirus software developers.

How does antivirus software work? Software installed to protect at the user level, known as endpoint protection, is designed to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected. If a user encounters a threat, the antivirus software detects the threat and blocks it using a string of text – an algorithm – it recognizes as a known virus. The virus file tries to take one action or sequence of actions, known to the antivirus software, and the algorithm recognizes this behavior and prompts the user to take action against the suspicious behavior.

The threat landscape is evolving, and new viruses and threats are constantly emerging – faster than antivirus software programs can keep up. Increasing security challenges present ongoing opportunities to strengthen cybersecurity. Brand new viruses emerge and antivirus programs react with new updates to maintain optimal protection for the user’s computer or network. The problem is that the antivirus software industry is in a constant reactive state. Detecting in advance is more proactive, but it relies on predicting criminal behavior. The good news is some viruses behave similarly because of their design, and this helps antivirus programs detect “families” of viruses, including some newer versions.
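The matching described above, and the reactive gap it leaves, can be shown in a few lines. This is an added example, not part of the original article: the byte strings are constructed, harmless stand-ins for files, and the signature names and the apply_update helper are hypothetical.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN_SAMPLE = b"HDR|demo-family-a|build=1|contact-home-routine"
NEW_VERSION = b"HDR|demo-family-a|build=2|contact-home-routine"
UNRELATED_NEW = b"HDR|demo-family-b|build=1|different-routine"
BENIGN_FILE = b"HDR|quarterly-report|totals"

# Exact signatures: SHA-256 of a file the vendor has already analysed.
hash_signatures = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.FamilyA.build1"}
# Family signatures: byte patterns that must all appear in the file.
family_signatures = {
    "Demo.FamilyA.generic": [b"demo-family-a", b"contact-home-routine"],
}


def scan(data: bytes):
    """Return (detection_name, method), or (None, None) if nothing matches."""
    name = hash_signatures.get(hashlib.sha256(data).hexdigest())
    if name:
        return name, "exact-hash"
    for name, patterns in family_signatures.items():
        if all(p in data for p in patterns):
            return name, "family-pattern"
    return None, None


def apply_update(name: str, patterns: list):
    """Simulate a vendor definitions update that adds a new family signature."""
    family_signatures[name] = patterns


if __name__ == "__main__":
    samples = [("known", KNOWN_SAMPLE), ("new version", NEW_VERSION),
               ("unrelated new", UNRELATED_NEW), ("benign", BENIGN_FILE)]
    for label, blob in samples:
        print(f"{label:14} -> {scan(blob)}")
    # Until the update arrives, the unrelated new sample is a missed detection.
    apply_update("Demo.FamilyB.generic", [b"demo-family-b"])
    print(f"{'after update':14} -> {scan(UNRELATED_NEW)}")
```

The new version of the known family is caught by the family pattern even though its hash is unknown, while the unrelated sample goes undetected until a definitions update ships, which is why keeping endpoint definitions current matters.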

The trouble, as we mentioned before, is that criminals don’t follow rules. Cybercriminals already know how antivirus software programs work, and the most effective means by which to ensnare a victim to gain access to a network. The number of new viruses being detected each year is decreasing drastically, which raises the question of whether fewer viruses are being created or antivirus software programs are less effective. It’s not a great position to be in, and a question no business owner ever wants to be forced to answer.

Many argue that virus detection software programs haven’t been as effective in the last 12 months as in the previous time frame. Overall detection rates for the last 12 months average right near 70%. Considering this number means a threat is detected before it has the chance to impact a user or network in nearly three out of every four instances, it’s not a terrible statistic, but it’s still incredibly scary. The potential damage that a virus slipping through these cracks can cause is immeasurable.

  • Reports have shown the average number of professional emails received per day is near 125. Of these, about 75 are legitimate, which means that roughly half of all emails received are spam. These only represent the number of messages that clear security filters.

After digesting these scary numbers, consider an even scarier number: the IT budget for an organization. This is the number by which an organization’s ultimate cybersecurity strength is measured.

  • Do enough resources get allocated to training end users?
    • If your human resources – end users – are those responsible for not falling victim to a cyber-attack, help prevent them from being the weakest link that allows access to your network.
  • Does enough of the budget account for emerging cybersecurity needs?

Your human resources are your greatest asset, but only if properly armed with the right tools and knowledge to protect themselves, a network, and the organization for which they work. The right cybersecurity awareness training and education can be the thin line between an organization’s success – and failure.