Mr. Ali Beshara, General Manager of NGN International, a leading Bahraini IT Systems Integrations and Managed Cyber Security Company, affirmed that although significant strides have been made in implementing automated systems for cybersecurity in companies, the human element remains crucial. Deliberate or unintentional actions by employees can still jeopardize these systems, leading to potential hacks, data loss, or financial extortion.
In a message directed at Bahraini companies, Mr. Beshara emphasized the vital importance of investing in awareness and training for all employees, not just those in the IT department. He stressed the necessity of implementing comprehensive security measures, underlining the role of each individual as a key component in the organization’s security framework.
“The human factor continues to be a significant source of cyberattacks. This vulnerability arises not only from individuals visiting phishing links or using unauthorized USB drives but also because humans can be easily manipulated through social engineering tactics, making them susceptible targets for exploitation,” Mr. Beshara said.
“Human factors still rank high being the source of cyber attacks. Not only because some click on phishing links or uses an unauthorized USB stick, but also for being an exploitable target for social engineering. Another human factor is due sometimes to negligence as happened in a big credit score organization where vulnerabilities were ignored and gave chance to attackers gain access to the systems and cause a leak of millions of personal records.,”
Mr. Beshara emphasized that sectors such as banks, energy, telecommunications, industry, and healthcare are consistently vulnerable to cyberattacks. Furthermore, he noted that these attacks have broadened in scope to encompass companies of diverse activities and sizes, including SMEs. Attackers often target these organizations, expecting their systems to be relatively easier to breach due to their limited investment in cybersecurity measures.
Mr. Beshara emphasized the shared responsibility in cybersecurity, emphasizing that employees play a crucial role as the organization’s first line of defense for its information systems. He stated, “Organizations implement multiple security layers to protect their networks and data. However, employees are entrusted with privileges, enabling them to circumvent many of these security measures for the sake of convenience. Attackers actively seek to steal an employee’s electronic identity, allowing them to infiltrate systems using the employee’s credentials.” He also highlighted that the primary human factors contributing to these breaches involve lack of security awareness, employee negligence, and the inappropriate use of privileges.
