Your Employees Are Your Biggest Cyber Threat. Here’s How to Neutralize It.

Apr 28, 2021
Monica White
VP of Product Marketing


People are fallible, and bad actors know this. That’s why so much time and energy rightly goes into training employees to watch for potential phishing and other scams that could compromise your infrastructure and all the value it harbors.

But today’s remote, in-office, and hybrid workers are a distracted bunch. Working from home, as an estimated 41% of all US workers do (and nearly as many will continue to do so in the future), means juggling multiple duties that traditional office work doesn’t impose on employees. Yet even working in the office is changing, thanks to pandemic restrictions on business travel and the need to collaborate with all those colleagues who still work from home.

It doesn’t help that 90% of companies reported an increase in cyberattacks during the COVID-19 pandemic. It’s a new, disorienting world. Hackers know it and are taking advantage of it.

You can’t count solely on training

Cyber training is absolutely necessary to help combat these threats, but new research shows common approaches to training may not be as effective as security executives hope. Recently, TalentLMS surveyed 1,200 employees on their cybersecurity habits, knowledge of best practices, and ability to recognize security threats. They even tested those employees to see how well they identified phishing attempts and other attempted exploits.

The results show that even recently trained employees can let threats in the door. According to the research, 69% of respondents had received cybersecurity training from their current employers. Yet even with that cyber hygiene foundation, a staggering 61% of all respondents failed a seven-question test that assessed their grasp of cybersecurity fundamentals. (Four or more correct answers earned a passing grade.)

Remarkably, those who received cyber training actually scored worse on the test than those who didn’t. Let’s just let that sink in for a moment.

Not all cybersecurity training programs are created equal, and some are more effective than others. (Our advice: go with the more effective ones.) But the fact remains that employees, both in-office and at home, constitute a leaky perimeter. And if employees are your first line of defense, this research shows that your last line of defense had better be rock solid.

Don’t give hackers anywhere to go

A modern vulnerability management strategy neutralizes the threat of successful phishing and other attacks by giving even successful attackers nowhere to go. By implementing a risk-based vulnerability management strategy, your remediation teams can focus on the infrastructure and application vulnerabilities that pose the greatest risk to your business. 

A modern, risk-based approach is particularly beneficial because research shows that 80% of the vulnerabilities you’re chasing today don’t actually pose a risk to your organization. Tracking down and remediating all those vulns means you’re wasting valuable time that could be spent on other projects. And worse, it’s likely you’re needlessly leaving your infrastructure exposed because you don’t have insight into the short list of vulnerabilities you should be patching to shrink your attack surface—which is particularly important considering how easily employees can be fooled into giving up credentials, opening files or visiting web pages they shouldn’t, or worse.

A true modern vulnerability management solution applies extensive threat data, vulnerability intel, data science, and predictive algorithms to determine whether a specific vulnerability is a risk to you. 

The truth is, people are fallible. And they’re much easier to compromise than infrastructure. So it’s vital to harden your last line of defense—while lowering the risk busy, distracted employees may pose to your security operation and everything it’s designed to protect.

Find out how you can fortify your last line of defense—and learn how easy it is to fix only what matters. 


© 2022 Kenna Security. All Rights Reserved. Privacy Policy.