With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.
Log4j, ransomware, cloud vulnerabilities, phishing: Cyber threats are manifold. They all pale, however, in comparison to the security black holes that walk around on two legs.
Studies have shown that nearly all successful breaches stem from human error, be it failure to install security patches before an attacker exploits a vulnerability, lousy passwords, or falling into the web of lies spun in social engineering or phishing attacks.
A 2020 report from Stanford University found that nine out 10 data breaches are caused by users. Research from Stanford University and the security firm Tessian found that approximately 88 percent of all data breaches are caused by an employee mistake. Similar studies have confirmed these results going back for years: A 2014 report from IBM found that human error was “a major contributing cause” in 95 percent of all breaches.
According to IBM, the average cost of those breaches has been doubling yearly from 2020 to date.You can install cutting-edge artificial intelligence solutions or other modern anti-malware and threat detection software to detect anomalous behavior, but technical solutions only go so far, given that carbon-based life forms use them.
With massive social engineering attacks such as the Twitter hack and phishing attacks pushing ransomware – such as those following the Colonial Pipeline attack – it’s imperative for organizations to generate buy-in from executives for strong cybersecurity awareness and training programs that reach all employees.
However, these programs often aren’t tailored to individuals’ roles and responsibilities. They also tend to be boring. Darren Van Booven, lead principal consultant at Trustwave and cybersecurity training expert, visited the Threatpost podcast to talk about how the right cybersecurity awareness program should be conducted at the right pace by well-informed instructors.
What also doesn’t hurt: getting senior management to support decent cybersecurity training programs, bringing in notable speakers, making sure management is role-modeling good security hygiene, casting coworkers in cybersecurity awareness skits and/or passing out squeezie stress-balls shaped like phish.
Whatever it takes!
Check out our free upcoming live and on-demand online town halls – unique, dynamic discussions with cybersecurity experts and the Threatpost community.