"User Experience Plays a Critical Role in Cybersecurity"
Attackers shifted to endpoints when network security was tightened, and technology teams then secured those systems as well. Now that they are more secure, hackers are focusing on the next weak link in the security chain, which is people. According to Stanford University research, human error accounts for 85 percent of security breaches. The FBI revealed that in 2021, $6.9 billion was lost to scam artists using social engineering tactics, which involve the use of deception to manipulate people into sharing confidential or personal information. In addition, a recent investigative report showed that compromised credentials caused 66 percent of breaches in 2021.
The Biden administration issued the Executive Order on Improving the Nation's Cybersecurity (cyber EO) in 2021 in response to multiple high-profile breaches that affected the lives of many Americans, notably the Colonial Pipeline attack that resulted in gas shortages along the East Coast. The cyber EO required several key actions to be taken to secure the country's networks and data, such as adopting a zero-trust architecture. Zane Bond, director of product management at Keeper Security, pointed out that implementing technology may help agencies meet the security mandates, but it gives technology teams a false sense of security, because focusing solely on technology ignores the human element in the security chain.
Security teams have always responded when hackers attack the weakest link in the security chain. To protect networks, firewalls were built and strengthened, layered security protocols were implemented to prevent lateral movement, and endpoints were secured. Following the same strategy, technology teams must strengthen the human element. Understanding how employees work is the first step. Employees should be asked what they require to make their jobs easier, and it is essential to inquire about what they dislike about today's technology. Bond encourages companies to find the security tools that are right for employees' needs.
Technology teams must take a human-centric approach to password security to combat cyberattacks. Human-centric password security ensures the zero-trust principle of least privilege. Organizations should know their users and allow access to only what they need, then constantly monitor them so that when suspicious activity occurs, security teams can intervene before the situation escalates. This article continues to discuss the human element as the weakest link in the security chain, the response to cyberattacks with technology, approaching security from the user perspective, and the importance of knowing user behavior to prevent breaches.
MeriTalk reports "User Experience Plays a Critical Role in Cybersecurity"