"SANS Institute: Human Error Remains the Top Security Issue"

Human error continues to be the most effective vector for network infiltrations and data breaches. The SANS Institute security center recently released its annual security awareness report based on data from 1,000 information security professionals, finding that employees and their lack of security training remain common points of failure for data breaches and network attacks. The report also assessed the maturity of respondents' security awareness programs as well as their effectiveness in reducing human risk.

According to the cybersecurity training and education organization, the report confirms what has been observed over the last three years: the most mature security awareness programs are those with the most people dedicated to managing and supporting them. Larger teams are found to be more effective at identifying, tracking, and prioritizing the top human risks and at engaging, motivating, and training their workforce to manage those risks. The SANS Institute study classified maturity into five levels, from least to most advanced: nonexistent, compliance-focused, promoting awareness and behavior change, long-term sustainment and culture change, and metrics framework. Although approximately 400 respondents said their programs promote awareness and behavior change, this figure represented a 10 percent decrease from the previous year's report.

While many businesses are investing more in expensive IT security products and strategies, the report suggests that spending money on training and drilling employees on how to spot and block scams may be the best investment for businesses. Two of the top three threats faced by companies rely on social engineering tactics. Phishing attacks topped the list, followed by Business Email Compromise (BEC) attacks and ransomware. Even though ransomware attacks can be automated using scripted bug exploits, phishing and BEC attacks require a human scammer who can deceive an employee into disclosing sensitive account information and routing numbers. Based on the report, most ransomware attacks are initiated through phishing emails or the exploitation of weak passwords.

This article continues to discuss key findings from the SANS 2022 Security Awareness Report regarding human risk remaining the biggest threat to organizations' cybersecurity.

SearchSecurity reports "SANS Institute: Human Error Remains the Top Security Issue"
