In Cybersecurity, Mitigating Human Risk Goes Far Beyond


By Brian Pinnock, EMEA VP of sales engineering at Mimecast

As the volume and stakes of cyberattacks continue to escalate, organisations are increasingly investing in innovative new services and equipment to thwart attacks. But, at the same time, many are still taking a customary, one-size-fits-all approach to securing perhaps the most critical threat vector: the human element.

Year after year, the human element consistently ranks among the greatest risk factors in cybersecurity. Half of data breaches are initiated internally, and it is predicted that 90% of all data breaches around the world will involve a human element in 2024. The standard practice of mandated security awareness training isn't driving improvement, as stolen credentials, data leaks and targeted phishing emails remain prevalent. To address this critical vulnerability, CISOs must take a more data-driven, tailored approach to mitigating human risk that goes beyond just training. It requires human-by-design cybersecurity.

Quantifying risk

Security awareness training helps but is inadequate, as it treats every employee the same. In reality, some users are highly adept at sniffing out threats while others require additional support. Some subsets of users are targeted with greater regularity while others receive very few phishing attempts. As such, a human-centric security approach must begin with a detailed understanding of the organisation's distribution of risk.