This one hit closer to home.

“There are only two types of companies: those that have been hacked and those that will be hacked” -Robert S Mueller III, executive director of the FBI and special counsel into Russian interference with election (s) in the US. A combination of weak internal vulnerability management and the threat actor’s growing viciousness and ingenuity, supported by an abundance of AI tools and resources are contributing to an unprecedented increase in successful cyber-attacks.

It doesn’t always make the headlines but most successful cyberattacks depend on human element and our natural tendency for errors or ill-motive. In its 2022 Data Breach Investigation Report, Verizon states that 82% of breaches involve the human element.

In the current landscape, baseline cybersecurity hygiene and best-practices such as Multi-Factor Authentication (MFA) or system default password change and other configuration designed around the human intervention would only introduce avoidable vulnerabilities leading to costly incidents. Manual system security configuration could be automated, if possible, to reduce human error and potential misconfiguration. No investment in technology will produce desired outcomes on a sustained basis if the system fails to process valuable date safely.

However, your staff, who must interact with data and the system through which they are processed, are the missing link in Information Security. They must be equipped with education and the capacity to take responsibility for data and information they handle through continuous education and awareness.

An Information Security policy which does not prioritise user education and awareness as a foundational tenant needed a rejig.

#avixa #cyberawareness #avtweeps #iso27001 #nist #cyberdefense