The Weakest Link in Your Cyber Resilience Strategy Might Be Your People

No matter how much you fortify your critical infrastructure against cyberattacks, there’s a perennial weak spot: the people who use it.

One kind of end-user closely follows email security best practices and security policies. People in this group attend all your training and heed your recommendations and warnings. Ever vigilant, they check the sender’s address; look for sketchy links and attachments; and question requests that circumvent policy, have a super-tight deadline or ask for something that’s highly unusual, like transferring $100,000 immediately. These employees see themselves as integral members of the corporate security team and are always asking what they should be doing to support your organization’s security program. They may seem like unicorns, but they do exist!

But let’s be honest. Most end-users are not members of this elite group.

Most employees receive all your warnings about email security and go to your cyber risk management training. But they assume the IT and security teams are doing the heavy lifting and that corporate security solutions are catching every malicious email. They assume that whatever lands in the old inbox is A-OK to open. Despite tons of headlines to the contrary, they still feel like clicking a link in a message couldn’t do that much damage to the entire company. And they know they’re too dang smart to fall for an impersonation email or spoof. There’s just no way they’re going to open an email, click the link or honor a fake request, and then infect the company, unleash malware or transfer money. C’mon!

Of course, this second group makes it harder to mitigate cyber risk.

“People are always going to be the weak link in cybersecurity,” insists Joshua Peskay, vice president of technology strategy at Roundtable Technology in Lewiston, ME. “Even as we implement more and more digital systems, those systems are still designed and implemented by people, and where they have vulnerabilities it will be because people made errors allowing other people to exploit [them].”

And that’s not just one person’s opinion. Almost three-quarters (70%) of office workers surveyed in part 2 of the 2017 Data Vulnerability Report from Intermedia reported their organizations inform and educate them on threats and cyber risk management.

But the message still isn’t getting through. “While companies do provide regular cybersecurity training,” the report’s authors state, “office workers continue to be lax on adhering to security best practices which can cause significant financial ramifications to organizations of all sizes.”

Training and advisories are important additions to cyber solutions. But as long as your organization involves humans, you must prepare for an email attack or scam.

This is why you need a cyber resilience strategy.

“I always recommend that companies think through strategies and decision-making processes well in advance,” says crisis management expert Bryan Strawser, principal and CEO of St. Paul-based Bryghtpath LLC. He also advises running drills and walk-throughs of your plans “so that you are prepared when the critical moment hits.”
