Cybersecurity: is the human factor the main IT security problem?

a-propos-gatewatcher-d

Are employees really the biggest cybersecurity risk?


– Or is it due to a lack of technology?

Human or machine: Are employees truly the greatest cybersecurity risk, or does the real cause lie elsewhere in the company? According to Gartner*, 95% of all cyberattacks do indeed originate with the employee. However, it is also a fact that a large portion of attacks can be averted with the appropriate technology – long before the employee even comes into contact with a threatening detection situation. 

Cybersecurity: responsibility instead of neglect


A startling number of companies neglect their IT security in areas that could and should be efficiently protected by suitable technology. – And in case of an attack, they prefer to blame the employee who has fallen into the trap. 

Example: An employee receives a seemingly harmless phishing email, clicks the wrong link, and thus opens the door to attackers. 

However, what if their employer had ensured beforehand, through suitable and modern preventative email security systems (spam filters, phishing protection, etc.), that the malicious email could not have reached the employee in the first place? 

Human factor: securing the first line of defence


For hackers, the employee is the most attractive security vulnerability. This is because a company’s IT systems are diverse and complex, making them more challenging to “crack.” Humans, on the other hand, due to their predictable behaviour, are the easiest and most versatile “key” in cyberattacks. Therefore, they should be removed from the first line of defence – wherever possible. 

Security gains through technology


There is no denying that 100% protection does not exist. However, a significant portion of risks can be eliminated. On a technical level, for example: 

 

Prevention 

  • Firewall 
  • Spam filter 
  • General email security 
  • (Passwordless) password protection 

 

 

Early Detection 

  • Network Detection and Response 
  • Cyber Threat Intelligence 
  • Sandboxing 

 

 

By implementing these measures, companies achieve a high level of security because many attack attempts are nipped in the bud, or the attack surface is minimized from the outset. This protects employees across multiple levels, “from themselves,” and naturally alleviates the SOC. 

Cyber awareness: sharpening heuristics


If employers additionally foster the cybersecurity awareness of their employees so that they can sharpen their heuristics – develop a good gut feeling – they are (better) able to recognize threatening situations and respond correctly. 

Because – as mentioned earlier – there is no 100% protection. Thus, a professional spam filter may intercept 80% of spam emails; however, 20% still make it into the mailbox. But if the employee is then able to recognize them as such, the security level has reached its maximum. 

Human vs. Machine rule of thumb?


How much cybersecurity budget should be allocated to the human factor, and how much to technology? Each company must determine this within the framework of a risk assessment. There is no overarching rule of thumb. Budget should, in any case, be spent wherever technology can help filter out risks. Cybersecurity analysts in the SOC will also benefit if not only the greatest possible number of incidents and events are filtered out, which are known white = good or known black = bad but also if the gray area between white and black events is as small as possible. Because the “grayones are the crucial ones. Here too, technology can make a decisive difference and lead to significant savings. 

The role of AI in cybersecurity


Although AI is often used as an exaggerated marketing promise, there is a part that should be monitored: Generative AI on the attacker’s side! It generates texts for emails that are sometimes more convincing than manually written ones. Moreover, it should also be considered that the cybercrime industry has a considerable innovation budget. Therefore, companies should internalize here that “IT security is never done” and view developments around AI and their innovation speed as an opportunity. Because AI can help against AI and thus contribute to mutual recognition. 

Recommendations


The employee can certainly be part of the solution. However, it is better if the employee is as little a part of the solution as possible! 

Recommendations: 

Consider the employee as an active component of the billion-dollar problem of cybercrime. – Not as a security vulnerability. 

  • Avoid putting them in the detection situation – in the conflict of an attack. 
  • Ensure that your IT systems work for the employee! 
  • Empower and enable your employees to develop an instinct. 
  • Monitor developments and opportunities related to AI (in terms of augmenting or supportive intelligence). 
  • Ensure, with solutions as comfortable as passwordless authentication, that cybersecurity is not difficult to implement in suitable places. 
  • Develop a security culture at the organizational level, where security fatigue has no chance. 

Do you want to learn more about determining the minimum necessary technical security infrastructure for your company, how to remove your employees from the front line, and how to maximize SOC relief? 

Contact us!