Humans: The weakest link in Cybersecurity

Humans: The weakest link in Cybersecurity

July 14 2017 | Published by Marie Stanley | Blog Industry News

Bupa have revealed that their latest security breach affected over 500,000 insurance customers when one of their employees inappropriately copied and removed information.

With all the measures in place to prevent cyber-attacks; are we doing enough to prevent internal breaches?

Bupa have confirmed not all their customers have been affected but those who have been are: ‘international private health insurance holders with a ‘BI’ policy number’.  The BBC has noted that whilst ‘customers with domestic health insurance have not been impacted, British customers could be if they purchased plans for use abroad’.

Breached information includes names, date of birth, nationality and some contact and administrative information including membership number. Bupa can confirm that no financial details or medical information has been compromised.

A short video from Sheldon Kenton, Managing Director of Bupa Global can be found here.

Kenton confirmed that a ‘thorough investigation is under way and we have informed the Financial Conduct Authority and Bupa’s other UK regulators’.

Bupa have assured that the employee responsible has been dismissed and that legal action will be taken.

Are you doing everything you can to prevent human security breaches within your organisation?

When dealing with the threat of cybercrime; Forbes have identified 5 key factors that should be addressed:

'1. Training and Risk Culture: Each organisation must identify its own unique learning styles and implement the appropriate initiatives – which may include advanced learning methods such as gamification – to impart the right kind of cyber behaviours.

 

2. Controls: Each terrifying cyber scenario needs to be decomposed into the steps or actions that the criminals need to execute if they are to succeed. From phishing, to installing malware, gaining access, controlling an account, executing fraudulent transactions, etc. – these steps are risks or issues that need a series of strong controls in place. There is no substitute for a holistic risk assessment and control management framework, with robust mentoring and testing.

 

3. Measurement with a Purpose: Organisations need new ways to identify and track employee behaviour that may indicate cybercrime in progress, either because of an insider or because their account has been taken over through malware or a trojan. Analytics can help spot activities – such as employees working during non-working hours, employees with poor performance reviews who have access to customer data, or the downloading of unusually large files – which correlate strongly with misbehaviour or outright crime.

 

4. Operating Model: Cyber security must work well across the organization. The right operating model bridges the IT, front office, fraud and risk silos. It can help define accountability, enforce good decision-making and measure effectiveness. Organisations have many operating models from which to choose, including establishment of a “cyber czar” position to set policy and influence activities, or the creation of an enterprise-wide cyber risk function to identify, measure and respond to threats.

 

5. Resilience: Despite the organisation’s best efforts, things can and will go wrong. A comprehensive resiliency plan – which includes elements such as event response, communications, crisis management, detection, threat identification and operational monitoring – can help minimize losses and protect the organization’s reputation in the event of a breach.' 

 

For more information on how to stay secure and best practise within your organisation contact your Foursys account manager today.

Our free toolkit provides everything you need to roll out cybersecurity best practice training.