The Key to Better Cybersecurity: Keep Employee Rules Simple

From: Harvard Business Review

Maarten Van Horenbeeck

***

Cyber attackers don’t need to have advanced hacking skills to break into corporate networks; they just need to know how to trick people into opening attachments and clicking on links. Phishing attacks are the cause of 90% of all data breaches and security incidents, according to the latest Verizon Data Breach Investigations Report. Clearly, employees are the main gateway into the organization for attackers. As a result, they are also the first line of defense. The Verizon report found that employee notifications are the most common way organizations discover cyberattacks. So arming these “sentry” employees with the information they need to identify attacks is a critical part of a company’s overall security program — and yet most companies fail at this.

Security Shortcuts

One of the big reasons security rules often don’t work is that they are so complex they drive people to take shortcuts that defeat their purpose. For example, password policies are so complicated and inconvenient that most employees just ignore them. Employees are told to change passwords frequently, but researchers have found that when people are required to come up with new passwords every three months, they tend to do things like merely capitalizing the first letter or adding a number on the end to save time. This makes passwords increasingly easy to crack. Being creative gets exhausting when you have to do it repeatedly, yet most companies force this on employees for the sake of security.
