One Article Review

The article:
Source AlienVault Lab Blog
Identifier 7221248
Publication date 2022-09-30 10:00:00 (seen: 2022-09-30 10:08:24)
Title How analyzing employee behavior can improve your cybersecurity posture
Text This blog was written by an independent guest blogger.

Despite the ongoing rise in social engineering attacks, the idea that cybersecurity is only about technology persists in most of our minds. Organizations often neglect human behavior's impact on their cybersecurity postures. Instead, they spend lavishly on endpoint security tools, threat hunting programs, and building incident response plans. Admittedly, these security measures are a crucial part of mitigating attacks. However, it is critical to remember the role of your employees in maintaining a robust cybersecurity posture, specifically as cybercriminals have been increasingly targeting and exploiting human behavior.

How employee behavior impacts cybersecurity

A study by IBM highlights that human error is the leading cause of 95% of cybersecurity breaches. Although human errors are by definition unintentional, generally caused by a significant lack of awareness, they can often result in adverse circumstances. In other words, an unsuspecting employee who accidentally falls victim to a phishing attack can expose their organization to significant data breaches, causing major operational, reputational, and financial damage.

One such example is the Sequoia Capital attack, which was successful because an employee fell victim to a phishing attack. The company, known for being Silicon Valley's oldest notable venture fund, was hacked in February 2021. The attack exposed some of its investors' personal and financial information to third parties, resulting in significant damage to the company.

Such attacks demonstrate the consequences of inadequate phishing awareness training that every organization must provide to its employees. In this sense, simulated micro-learning can be highly effective at teaching teams to recognize potentially malicious messages. A recent report by Hoxhunt found that after some 50 simulations, people’s “failure rates” plummeted from 14% to 4%. By being exposed to simulated phishing attacks over time, they became far more skilled at recognizing them.

Beyond educational solutions, ensuring that your employees practice proper password hygiene is likewise critical. Although passwords have played a remarkable role in ensuring cyber security, relying only on a single password makes your organization vulnerable since it can be stolen or compromised. Your users might be ignorant of password security and keep generic passwords such as "12345", which are susceptible to brute force attacks and hack attacks. These practices are standard within an organization that doesn't deploy secure password managers and strict password security guidelines for employees to follow.

How can your employees help maintain cybersecurity?

The significant rise in social engineering attacks and the ongoing occurrence of data breaches due to human error have reinforced the idea that humans are the weakest link in cybersecurity. A workforce that can be distracted or tricked is indeed a liability. However, this narrative is hardly set in stone. With the below strategies in place, it’s possible to maximize team vigilance and circumvent much of the risk associated with human error.

Integrate the principle of least privilege access

The principle of least privileged access has become a crucial aspect of effective cyb
Sent Yes
Tags Hack Threat Guideline
Stories Prowli


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.