People are the biggest weakness behind security breaches, but at the same time, they can also be your organization’s biggest defence.
The massive telecom data breach, stolen credentials, and compromised data are some of the issues that we see daily these days. All of these major breaches resulted from the mistakes of individuals.
Despite years of education, millions of pages of policy, and pervasive annual mandatory training, 60% of security professionals rank employee carelessness as a top threat, up from 44% in 2015, according to the EY Global Information Security Survey. Willis Towers Watson reports that 66% of all cyber insurance claims stemmed from employee negligence or malfeasance.
We no longer have an awareness problem: workers have heard the stories, but they know only half the story, which can be a problem. Employees should know what action they need to take.
Adam Marre’s article on Dark Reading mentions that almost 70% of US adults know what phishing is and how to avoid it, yet they fall victim. The fact is that only 10% of them know how to determine whether a link is legitimate. They know that clicking on links from people they know is safer and is not likely to be a phishing attack.
If companies put as much thought into helping their employees as they do into creating firewalls to avoid cyber threats, they would increase the security of their organization. But that seems too much for the already overburdened security professionals. This could mean increasing training or implementing other processes.
Awareness training is an essential part of securing an organization. However, the idea should be to create a security culture, not to make employees knowledgeable.
Get it Started
Train the leaders first, because if employees don’t see the practices being demonstrated at the top, it will be hard to gain traction among the team. Demonstrating secure practices can help leaders protect their workforce against cyberattacks.
Each employee is a major threat vector to your organization, so a security culture must be created and implemented accordingly. Every employee should carry a security mindset, and that is one step towards developing a culture to protect your company from security breaches.