Security / Compliance

National Cyber Security Month 2019 Week 3 - Human error poses one of the biggest risks to organizations

By Cory Dzbinski / Oct 10, 2019

Phishing 9001

Human error poses one of the biggest risks to organizations

An organization may have a talented group of professionals, but the dirty little secret in cyber security, is that no matter how skilled employees are, they still represent the biggest risk. Research shows that human error ranks even higher for cyber risk than software flaws and vulnerabilities. So high, in fact, that it’s a contributing factor in more than 90% of breaches, according to a 2018 Ponemon study sponsored by IBM.


Email phishing contains the hook

In a phishing simulation with a 6,500 employee software company that does not provide cyber awareness
training, more than 500 employees clicked on a phishing email link, in under a second of the email being opened.


Awareness training contains the antidote

In companies that provide security awareness training for their employees, training results show that employee knowledge on security topics increase by 400% or more. These results demonstrate the need for training enforcement, that is delivered persistently over time, and that concentrates heavily on helping employees detect and avoid email-borne attacks.


It's all about awareness training

Awareness training should be considered mission critical and taken as seriously as any other security component. Many organizations are doing some kind of training, but the detail of how they're doing the training, is vastly important. Some types of training work, and some don’t. Educating employees on email security cannot be achieved through a single training session or non-interactive materials like corporate videos or mass produced pamphlets. Training should be interactive, include post-training testing, and have included supplemental materials for common areas and individual desks. In addition, this type of training needs to be conducted quarterly to stay top of mind.