Get a free web app penetration test today. See if you qualify in minutes!

Contact
Close
Chat
Get In Touch

Get Immediate Help

Get in Touch!

Talk with one of our experts today.

  • Yes, I agree with the storage and handling of my data by this website, to receive periodic emails from microminder cybersecurity related to products and services and can unsubscribe at any time. By proceeding, you consent to allow microminder cybersecurity to store and process the personal information submitted above to provide you the content requested. I accept microminder's Privacy Policy.*

  • This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank You

Thank you

We appreciate your interest in our cybersecurity services! Our team will review your submission and reach out to you soon to discuss next steps.

UK: +44 (0)20 3336 7200
UAE: +971 454 01252

4.9 Microminder Cybersecurity

310 reviews on

Trusted by over 2500+ customers globally

Contact the Microminder Team

Need a quote or have a question? Fill out the form below, and our team will respond to you as soon as we can.

What are you looking for today?

Managed security Services

Managed security Services

Cyber Risk Management

Cyber Risk Management

Compliance & Consulting Services

Compliance & Consulting Services

Cyber Technology Solutions

Cyber Technology Solutions

Selected Services:

Request for

  • Yes, I agree with the storage and handling of my data by this website, to receive periodic emails from microminder cybersecurity related to products and services and can unsubscribe at any time. By proceeding, you consent to allow microminder cybersecurity to store and process the personal information submitted above to provide you the content requested. I accept microminder's Privacy Policy.*

  • This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank You

Thank you

In the meantime, please help our team scope your requirement better and to get the right expert on the call by completing the below section. It should take 30 seconds!

30 seconds!

Untick the solutions you don’t need

  • Untick All

  • Untick All

  • Untick All

  • Untick All
Thank You

What happens next?

Thanks for considering us for your cybersecurity needs! Our team will review your submission and contact you shortly to discuss how we can assist you.

01

Our cyber technology team team will contact you after analysing your requirements

02

We sign NDAs for complete confidentiality during engagements if required

03

Post a scoping call, a detailed proposal is shared which consists of scope of work, costs, timelines and methodology

04

Once signed off and pre-requisites provided, the assembled team can commence the delivery within 48 hours

05

Post delivery, A management presentation is offered to discuss project findings and remediation advice

90% of Cyber Attacks are Human Error. Ten tips to prevent insider threats for your business

 
Sanjiv Cherian

Sanjiv Cherian, Cyber Security Director
Sep 26, 2023

  • Twitter
  • LinkedIn

The average social engineering breach costs the financial sector over 4 million dollars per breach.

Overview of Human Error in Cybersecurity

You are the owner of a financial banking business. An employee at that bank, he graduated from business school, and after a long year, he did land the job. One of his tasks is to receive complaints from customer portal users and fix whatever issue they are calling about.

One day, after getting a call from a particular John Doe, one of the clients at your bank. He is complaining that he lost his login credentials to the portal app and needs to transfer money for rent today. He asked if he could kindly help him. Doing his job, he asks John for his name and address, so he can fix the issue, not knowing he is getting scammed with an elaborate ruse, and the guy on the other end of the phone socially engineered his way into getting the client’s credentials.

One of the most significant security risks organisations encounter is human error, although it may need to be more evident given the insufficient resources allocated for its prevention.

“Verizon’s Data Breaches Investigations Report, back in 2022, declared humans are involved in over 80% of data breaches. It comprises instances where employees directly disclose information (e.g., through misconfigured databases) or unintentionally enable cybercriminals to exploit the organisation’s systems.”

To address this menace, those in positions of authority must comprehend the impact of human error on their organisation and acknowledge the gravity of the associated risk because social engineering is the least of the human error-related breaches. In this article, we will go over; human error, the threats it can cause to a business, incidents that occurred in real life in the financial industry, what we learned from them, and the technology solutions implemented to mitigate this pandemic.

Challenges your business might be facing right now without your knowledge

Phishing Attacks
As for the variety and severity of human-error breaches, the example up top entails social engineering. There are phishing schemes that heavily rely on human error (clicking on a “government” website in your mailbox when the word government with a misspelt URL is generally not a good sign). Cybercriminals craft deceptive emails or messages to trick employees into divulging sensitive information, such as login credentials or financial data. Clicking a malicious link or attachment can lead to data breaches, financial fraud, or ransomware infections.

Insider Threats
Some mistakes can lead to mishandling data, accidental data leaks, misconfigured cloud storage, or overlooked access controls, exposing valuable financial information to individuals. These types of human errors highlight the importance of promoting a culture of data security. Providing the proper cyber security training is an investment in the future security of your business.
Weak passwords
Despite constant reminders about using strong passwords, employees often opt for the simplicity and convenience of using a short or uncomplicated password and often reuse it for all their credentials, personal or work-related.
Lack of Security Awareness
This lack of awareness and proper security training leaves employees in the financial industry ill-equipped for the threats that lurk out there. Training your employees in the fitting practices of cyber security measures can save your business. Cybercriminals prey on this knowledge gap to carry out their attacks.
In banking, compromised customer accounts and stolen financial information can erode customer trust and loyalty. Human-related cyber-attacks in the financial industry can be extreme. Businesses must recognise the severity of human error in cybersecurity and acknowledge that staff training is necessary and an investment.

Real-Life Examples of Cyber-attacks Caused by Human Error

First American Financial: record compromission data breach
The major US real-estate insurer First American Financial, exposed over 880 million real estate transactions and financial and personal records dating back 20 years. The data was visible to everyone, much like the Whatsapp scandal in 2018, through an exploit called “Business Logic Flaw”. The attacker can go around the business web application rules hiding the hack as a valid web request.
In addition to various technical coding and design issues, the breach at First American Financial resulted from inadequate process validation. When an application fails to enforce necessary rules, it becomes vulnerable to attacks. Ensuring you possess the appropriate technical resources to effectively detect and eliminate such vulnerabilities.
Westpac Australian bank breach
In around mid-2019, hackers exposed the banking details of around almost 100 thousand customers of Westpac Australian Bank. The leaked information included personal information such as names, phone numbers, and account details tied to PayID, Enabling quick bank transfers by using a mobile number or an email. The hacker used a brute forcing technique that performed an enumeration function to guess the existing user’s password through the “forgot my password” link.
The lesson learned from this is that the use of 2FA is the main factor in stopping brute-force attacks, and it points to the importance of being prepared for brute-force attacks and proactively implementing adequate security measures to deter these attacks from happening in the future.

Canadian credit union breach: the Desjardins Group
2019 was a hefty year for the financial industries. In that year, Someone exposed the personal information of over 4 million Desjardins users in a data breach. The exposed data comprised personal information like home addresses, names, email addresses, and transaction records. Most concerning of all, it also contained Canadian social insurance numbers. And the data breach was confirmed later to have impacted 1.8 million credit card holders who were not Desjardins members. The bank paid $100 million to cover the breach repair bill, with a still pending class-action lawsuit, which could wrack up that bill. This attack’s lesson was an Inside Job, so training and vetting employees is necessary.
Equifax: credit reporting data breach
The infamous Equifax data breach. In 2017 Sept this breach exposed the social security, names, numbers, birthdates, telephone numbers, and email addresses of approximately 143 million accounts in the US and 400 thousand in the UK. Somebody stole almost 210,000 credit card numbers of customers. Equifax got fined over $700 million. A 6-month-old Apache Struts vulnerability was the cause of the hack. Remote coders gained access to Equifax data via this vulnerability. Lessons learned from this breach was a human error; in this case, using modules with known vulnerabilities is a notably bad idea, and Java web apps are the favourite target of hackers. The damage was severe to the degree that Equifax’s CEO, CIO and CSO resigned in the face of the bad publicity and resulting lawsuits (Now no one wants these results, those lawsuits follow even after resignation).

“A staggering 90% of data breaches in the UK during 2019 resulted from human error, with the majority being unintentional errors rather than intentional attacks. However, it is crucial to prioritise the development of user-friendly systems and establish comprehensive training policies. One effective measure is regularly updating staff members on the latest phishing trends and implementing redundancies in the system that help prevent simple mistakes.”

“A staggering 90% of data breaches in the UK during 2019 resulted from human error, with the majority being unintentional errors rather than intentional attacks. However, it is crucial to prioritise the development of user-friendly systems and establish comprehensive training policies. One effective measure is regularly updating staff members on the latest phishing trends and implementing redundancies in the system that help prevent simple mistakes.”

Understanding the Human Factor in Cybersecurity

Social Engineering Techniques

It is the art of manipulating people into disclosing confidential information or committing actions that would give access to unauthorised individuals. Attackers use a combination of diverse psychological tactics to exploit employees, such as trust, curiosity, fear, and authority. Phishing emails, tailgating, baiting, and pretexting are social engineering techniques that use human inclinations.

Cognitive Bias

Inherent thinking patterns that could force an individual to make irrational decisions, such as confirmation bias, humans tend to follow information that aligns with their beliefs. Cybercriminals exploit these biases to craft persuasive messages that align with employees’ beliefs, making them more susceptible to falling for scams.

Lack of Cybersecurity Training

In the financial sector, many employees need to gain the proper cybersecurity training, leaving them unaware of potential threats, and they might act upon those committing a human-error-related breach.

Impact of Stress and Time Pressure

Stress and time pressure can impair decision-making, leading to hasty actions that compromise security. Dealing with tight deadlines and high-pressure situations can make employees make an impulsive decision with a phishing email sent to them to create urgency.

Human Error as an Unintentional Threat

Honest mistakes made by well-meaning employees. For example, an employee might accidentally send sensitive information to the wrong recipient or misconfigured security settings, inadvertently exposing critical data to unauthorised access.

Importance of Security Awareness Training

Financial businesses must invest in the proper training and security awareness. Regular training sessions and simulated phishing practices can help raise threat detection and foster a security-aware culture.

Behavioural Biometrics and User Monitoring

Behavioural biometrics and user monitoring can provide valuable insights into user behaviour. Typing speed, mouse movements, and application usage to detect anomalies or signs of potential security threats are all analysed by these solutions.

What technology and what kind of response does your organisation need to have to counter these threats

Technologies Solutions to Mitigating Human Error in Cybersecurity

NSIT Cybersecurity Framework:
The NIST cybersecurity framework provides a valuable means to structure and enhance your cybersecurity program. While the 5 NIST functions - Protect, Identify, Detect, Respond, and Recover - align with other prominent security frameworks, they incorporate vital procedures.

The Bank of England’s CBEST Vulnerability Testing Framework:
The CBEST approach utilises information from reliable government and commercial sources to locate potential attackers who may target a specific financial institution. By simulating the tactics employed by these attackers, CBEST assesses the likelihood of successful penetration through an institution’s defence mechanisms. This process allows companies to identify system vulnerabilities and develop effective corrective measures. It is an intelligence-led testing framework created in mid-June 2013.

User and Entity Behaviour Analytics (UEBA):
We offer this cybersecurity solution at Microminder and implement it to detect any abnormal behavioural patterns within an organisation’s network. It leverages advanced technologies such as statistical analyses, algorithms, and machine learning to identify potential threats efficiently. This solution effectively detects deviations that may indicate security risks by monitoring network activities and comparing them to established baseline operations.
So, what qualifies as abnormal behaviours in a network? You might ask:
The cybersecurity service provider will then disconnect such users from the web if an automated UEBA solution is in place; if a user is used to downloading 30MB of data daily from your bank’s server, suddenly, they are downloading Gigabytes.

Penetration Testing Services:
Every organisation should conduct regular social engineering penetration tests. Over 80% of businesses suffered data breaches in 2022 (If the statistics mentioned above are insufficient? A quick Google search will give you more than plenty).

Multi-Factor Authentication (MFA):
This one is plain simple. Your business is safer when an employee logs in, and they can’t access their account unless they enter a digits code or use a passkey to confirm their identity.

What should any banking institution, financial insurer, or financial provider do?

If you want to take the best measures to protect your business, you seek answers and experts to assess your business’s situation. Take action and protect your business today. Get the best of the top cybersecurity firms; you’re here to excel. Get a demo today, so you will not regret it tomorrow.



Don’t Let Cyber Attacks Ruin Your Business

  • Certified Security Experts: Our CREST and ISO27001 accredited experts have a proven track record of implementing modern security solutions
  • 40 years of experience: We have served 2500+ customers across 20 countries to secure 7M+ users
  • One Stop Security Shop: You name the service, we’ve got it — a comprehensive suite of security solutions designed to keep your organization safe

Unlock Your Free* Penetration Testing Now

 
Discover potential weaknesses in your systems with our expert-led CREST certified penetration testing.
 
Sign up now to ensure your business is protected from cyber threats. Limited time offer!

Terms & Conditions Apply*

Secure Your Business Today!

Unlock Your Free* Penetration Testing Now

  • I understand that the information I submit may be combined with other data that Microminder has gathered and used in accordance with its Privacy Policy

Terms & Conditions Apply*

Thank you for reaching out to us.

Kindly expect us to call you within 2 hours to understand your requirements.