"Why Human Nature Often Trumps Security"
Globally, CEOs are most concerned about cybersecurity risk, with increased risks and awareness driving more investment in network defenses and security features. However, there is one threat that executives cannot avoid, which is humans. According to recent Verizon research, the human element remains a driving factor behind data breaches, accounting for 82 percent of all attacks. Many organizations believe that employees violate security protocols because they are malicious or do not understand the rules. Perry Carpenter, strategy officer at KnowBe4, suggests that if security policies make it difficult for employees to complete their work, they are less likely to comply. When it comes to reporting suspicious emails, organizations typically ask employees to follow certain guidelines, such as taking screenshots and entering relevant information, as well as attaching copies. While these steps add value to the security team, they also take time, thus creating a barrier for employees to overcome. Employees may also feel overwhelmed due to the pandemic and sudden shift in working environments. Security teams are encouraged to collaborate with organizations in taking care of employees' mental health. According to a recent study from the University of Central Florida, breaches are more likely to occur on days when employees are stressed, whether from family demands that conflict with work, job security fears, or even the demands of the cybersecurity policies themselves, which leave employees feeling monitored. This article continues to discuss why humans remain a significant threat to cybersecurity and what companies' security teams should do to improve human behavior regarding security practices.