When you think of cybersecurity, you probably think of cutting-edge tech tools used to keep companies’ data safe from outside attacks. But the real threat may be less technical than most organizations realize: good old human error.
Over 80% of all
“I am not a fan of saying people are the weakest link — that implies it's their fault,” Spitzner says. “I like the term, ‘people are the primary attack factor.’ And why is that? Because we've not done a good job at securing people.”
Less than 25% of security awareness professionals have experience in training, communications, HR or other necessary skills for effective teaching, according to the SANS report. As Spitzner explains, this is usually because big companies will typically have
“The human side of cybersecurity is literally an afterthought, and that is why people are so vulnerable. It's not that they're bad, weak or stupid — it's that quite often organizations invest in them so little,” Spitzner says. “The problem is, you have highly technical people in charge of the training. How do you engage your workforce? How do you make security simple for people? That’s hard to figure out for technical people.”
Not enough companies are thinking about
According to the Identity Theft Resource Center's 2021 Data Breach Report, there were 1,862 breaches last year, up 68% from the year prior, and exceeding 2017’s previous record of 1,506. And while
“There are security teams who think people are not even part of their job,” Spitzner says. “And we know what people need to do —
The solution, Spitzner says, is investing as much money and resources into hiring full-time safety awareness staff with backgrounds in communications and people management instead of just tech. The silver lining? Organizations are starting to embrace that change and staff up.
“Many of the organizations I know have added a full-time dedicated security awareness team just within the past year,” he says. “What companies should be doing, I'm finally seeing it happening.”