
Human error is the cause or catalyst in 85%[i] of cyber security breaches. Often, company employees get the rap for being at fault and are labelled as “the weakest link”. While it’s fair to say there’s a human element in most cyber breaches, it is not fair to lay the blame entirely on users.

Here’s why.

Cyber security training is failing

The quality of cyber education, or lack thereof, is largely to blame. When employees truly understand how they are vulnerable, they can avoid the behaviours that could put themselves and company systems at risk.

In a lot of businesses, cyber security awareness training tends to stop at awareness rather than working to change risky behaviours and instil a culture of cyber safety. Cyber awareness training can’t be an information dump of overwhelming content. It must be personal and relatable, or it will remain adversarial and the disconnect between awareness and behavioural change will prevail.

It’s easier to ‘hack’ a human

Cybercriminals use inventive social engineering techniques to manipulate people into giving away sensitive information such as passwords and credit card numbers. It’s easier than breaking through technology. Employees need to know about these tactics, how to guard their emotions, and what actions to take or not to take. The mere fact that you received a phishing email is not sinister. It’s what you choose to do with it that’s potentially dangerous.

Better choices reduce cyber risks

Human error happens in several ways when there is a low perception of risks and roles. Skill-based errors happen when employees haven’t been shown the skills to identify scams or how not to respond to them. Other errors stem from poor decision-making by employees who don’t understand the risks.

A lot of the time, employees unknowingly expose company networks and data by:

  • Using unauthorised apps
  • Browsing malicious websites
  • Clicking on unsafe links in emails
  • Responding to phishing emails, calls, SMS and voice notes
  • Sharing information on social media 

 

Behavioural change must happen

Having a cyber security culture can create a stronger defence against cyber threats than the most robust technologies or any single policy or procedure. Awareness training that is effective at changing behaviour can reduce organisations’ risk of cyber threats by 70%.

Awareness and applying critical thinking are the basics of cyber-safe behaviour. Helping employees understand that they are also targets of cyberattacks empowers them to instil responsible, cybercrime-wise behaviours to protect their own social media profiles, bank accounts and identities.

By empowering your people with cyber-safe skills, you can transform them into a powerful first line of defence against cyber threats.

 
