
Your Employees Are Your Biggest Cyber Threat. Here’s How to Neutralize It.

Apr 28, 2021
Monica White
VP of Product Marketing


People are fallible, and bad actors know this. That’s why so much time and energy rightly goes into training employees to watch for potential phishing and other scams that could compromise your infrastructure and all the value it harbors.

But today’s remote, in-office, and hybrid workers are a distracted bunch. Working from home, as an estimated 41% of all US workers do (and nearly as many will continue to do so in the future), means juggling multiple duties that traditional office work doesn’t impose on employees. Yet even working in the office is changing, thanks to pandemic restrictions on business travel and the need to collaborate with all those colleagues who still work from home.

It doesn’t help that 90% of companies reported an increase in cyberattacks during the COVID-19 pandemic. It’s a new, disorienting world. Hackers know it and are taking advantage of it.

You can’t count solely on training

Cyber training is absolutely necessary to help combat these threats, but new research shows common approaches to training may not be as effective as security executives hope. Recently, TalentLMS surveyed 1,200 employees on their cybersecurity habits, knowledge of best practices, and ability to recognize security threats. They even tested those employees to see how well they identified phishing attempts and other attempted exploits.

The results show that even recently trained employees can let threats in the door. According to the research, 69% of respondents had received cybersecurity training from their current employers. Yet even with that cyber hygiene foundation, a staggering 61% of all respondents failed a seven-question test that assessed their grasp of cybersecurity fundamentals. (Four or more correct answers earned a passing grade.)

Remarkably, those who received cyber training actually scored worse on the test than those who didn’t. Let’s just let that sink in for a moment.

Not all cybersecurity training programs are created equal, and some are more effective than others. (Our advice: go with the more effective ones.) But the fact remains that employees, both in-office and at home, constitute a leaky perimeter. And if employees are your first line of defense, this research shows that your last line of defense had better be rock solid.

Don’t give hackers anywhere to go

A modern vulnerability management strategy neutralizes the threat of successful phishing and other attacks by giving even successful attackers nowhere to go. By implementing a risk-based vulnerability management strategy, your remediation teams can focus on the infrastructure and application vulnerabilities that pose the greatest risk to your business. 

A modern, risk-based approach is particularly beneficial because research shows that 80% of the vulnerabilities you’re chasing today don’t actually pose a risk to your organization. Tracking down and remediating all those vulns means you’re wasting valuable time that could be spent on other projects. And worse, it’s likely you’re needlessly leaving your infrastructure exposed because you don’t have insight into the short list of vulnerabilities you should be patching to shrink your attack surface—which is particularly important considering how easily employees can be fooled into giving up credentials, opening files or visiting web pages they shouldn’t, or worse.

A true modern vulnerability management solution applies extensive threat data, vulnerability intel, data science, and predictive algorithms to determine whether a specific vulnerability is a risk to you. 

The truth is, people are fallible. And they’re much easier to compromise than infrastructure. So it’s vital to harden your last line of defense—while lowering the risk busy, distracted employees may pose to your Security operation and everything it’s designed to protect.

Find out how you can fortify your last line of defense—and learn how easy it is to fix only what matters. 
