Human error is an outcome that cybercriminals actively seek and depend on. According to Verizon's 2024 Data Breach Investigations Report, 68% of data breaches in the past year were reportedly caused by human error, meaning that an employee who fell for a social engineering attack failed to keep confidential information secure. That could mean they clicked on a malicious link, gave login credentials over the phone, reused passwords or left their work computer open and unlocked in the middle of a café.
Companies need to begin restructuring and building cybersecurity controls to work with human limitations. A successful cybersecurity program reduces its dependency on the user to make the right decision, effectively engineering human error out of the equation. By understanding human nature, organizations can build controls that assume humans will make mistakes and work to mitigate those mistakes.
Cybersecurity controls need to change to work for humans. To do so, firms need to apply a basic understanding of human behavior to their controls. Here are four ways a firm can restructure or build its cybersecurity controls around human behavior: expect clicks on malicious links, reduce access to data, minimize footprint with break glass access, and eliminate passwords.