Stu Sjouwerman – KnowBe4
Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture. It’s something we all know – employees who aren’t paying attention to corporate security aren’t helping. But a new report from email security vendor Tessian quantifies this notion with some pretty surprising data. In their Psychology of Human Error report, they present a number of findings that show just how insecure users can make your environment. According to the report:
43% of employees have made mistakes that compromised cybersecurity
25% of users have clicked a phishing email at work
45% of those clicking on phishing emails said they were distracted
43% of those clicking on phishing emails said it looked legitimate
Part of the problem is the reliance upon security solutions to provide users with a protective layer against email-based cyberattacks. According to the report, only 23% of employees have a mindset where they are continually concerned with cybersecurity. Organizations need to take a more human approach to maintaining a security stance by incorporating users into the strategy. Using Security Awareness Training, employees are taught to be constantly mindful of cyberattacks and the social engineering tactics used, and to avoid becoming a victim by falling for these well-crafted attacks. By making suspicion and detection second nature for a user, organizations can reduce the threat surface and the likelihood that attacks dependent upon user interaction will succeed.
The Tessian report shows that human error is one aspect of the security strategy that needs to be addressed. Security Awareness Training is the means by which to reduce it.