New data shows IT leadership believes users outside of IT create a “continued significant risk to organizations” despite having a layered security strategy to prevent attacks.
When you consider most organization’s cybersecurity postures, it’s a mix of security software solutions, processes, policies, and people. In essence, IT and Security teams are ready (to varying degrees) for a cyber attack. According to security vendor Egress, in their Human Activated Risk report, 39% of organizations have 6 or more security solutions in place today.
But what about the users?
Are they even the slightest bit concerned about how secure your organization is? Do they know you face the potential of cyberattacks daily and that they personally may come in contact with malicious content on the web or in email? According to Egress, over half (56%) of IT leadership say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, should a cyber attack occur.
This is very concerning, given that 77% of Egress’ respondents saw an increase in security compromises since going remote 2 years ago, and see these users as a continued significant risk.
Each user within your organization can either help or hinder your cyber security stance. It can be as simple as clicking on a malicious link or attachment that has made its way past your security solutions that enables an attack to begin. Enrolling users in Security Awareness Training helps to minimize the human risk in every organization by teaching users to be vigilant, understanding that even an email that looks like it’s from someone familiar can be filled with impersonation and social engineering designed to get the user to aid the attacker.
Non-technical users are usually the easiest to fool; educating them makes them far more prepared – and even armed (with knowledge) – should an attack occur.