How to address the most common cybersecurity challenges: human error

Cybersecurity leaders are well aware of the cost of human error, and even big corporations are not immune to it.

Recently, banks, governments and big corporations went into a frenzy after Anthropic shared information regarding its Mythos AI model.

If you missed the news, Mythos is an AI model developed by Anthropic that seems to be able to identify and exploit vulnerabilities in software. By "exploit" we mean developing an effective attack to hack the software, using the identified vulnerabilities.

Anthropic decided not to release it to the public, for fear of it being used by the bad guys.

Human error is an issue for all companies, no matter their size

Here is the twist: Bloomberg released a report claiming some users gained unauthorized access to Mythos.

Following the report, Anthropic said in a statement:

We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments

Such events are more common than one may think; the best known to date is the SolarWinds cyber attack.

Indeed, cybercriminals are increasingly attacking the supply chain, for many reasons, including:

  • It is easier to gain access to a company’s information system through one of its suppliers, since those suppliers often have weaker security controls in place.
  • Organizations regularly forget to remove third parties’ access to their information systems.
  • By hacking one vendor, cybercriminals could gain access to all its clients’ information systems, “killing many birds with one stone”.

Cybersecurity awareness as a solution for reducing human errors causing incidents and data breaches

Of course, implementing security controls to secure third-party access is mandatory. But those controls may prove ineffective if the organization does not address possible human error: employees may keep bypassing or ignoring them.

This is where a cybersecurity awareness training program can help, by training your employees to:

  • Understand the risks and potential consequences of their actions
  • Understand what to do and what not to do
  • Understand how they should react in the event of a suspected attack

But an effective cybersecurity awareness training program must go beyond that:

  • It has to take into account the starting point of each employee – their initial cybersecurity knowledge – and deliver training tailored to each employee instead of the same program for everyone.
  • It has to keep employees engaged and regularly train them through nano or micro activities and provide actionable insights.
  • It needs to help employees understand how to securely use the most common apps, software and systems, including the most popular AI systems.

The good news: you don’t have to do it manually. There are effective solutions to automate most of your cybersecurity awareness training program.

These programs are today considered basic cyber hygiene and will greatly help your organisation reduce the frequency or impact of incidents and data breaches caused by human error.

Reach out to learn more about how Stratechno can help you design and implement an effective cybersecurity awareness program.

Diane Ouandji

Founder