Behind nearly every cybersecurity incident there’s a person who was either unwittingly duped or with malicious intent breached an organization from the inside. But as the rich array of experts in the Awareness, Decisions & Devices: The Human Layer of Security track at InfoSec World 2020 can attest, it’s possible to boost awareness and spark the kind of cultural change needed to bolster human-based security.
As Malcolm Harkins, chief security and trust officer at Cymatic, says, people are the perimeter. Managers, developers and business leaders so far have not adequately protected the perimeters that are left, Harkins says, noting that hygiene – device, data and credential – has lagged usage models.
Current approaches for awareness, accountability, and discipline for users, he contends don’t work and may instead raise cyber risk.
Organizations can understand the perimeter, Harkins says, when they understand motives and the economics of the issue, frame risks better and understand control friction and design to use it properly.
Despite the resources companies have put into training employees and raising awareness, social engineering still works – alarmingly well.