
Rethinking Human Risk in Enterprise Security - A New Approach

CSO Online

Organizations need better systems to protect against human mistakes in cybersecurity.

Quick Summary

Organizations are reassessing how they manage human risk in cybersecurity. Traditional training methods are falling short, leading to increased vulnerabilities. A new focus on structural controls is needed to protect against human errors.

What Happened

Organizations have been tackling cybersecurity threats like phishing and business email compromise using the same methods for over a decade. They invest in awareness training, run phishing simulations, and require annual security modules. While these efforts aim to help employees spot malicious emails, the reality is that incidents continue to rise. Business email compromise losses are increasing, and even seasoned executives can fall victim to scams. This persistent issue highlights a deeper misunderstanding in enterprise security strategy.

Who's Affected

The impact of ineffective security awareness training is widespread. Employees across various industries are at risk, particularly when they are pressured to make quick decisions. The narrative often shifts blame onto individuals when they make mistakes, such as clicking on a malicious link or approving a fraudulent transaction. This perspective overlooks the fact that human error is a constant in complex systems. The focus should instead be on whether organizational controls can anticipate and mitigate these inevitable mistakes.

What Data Was Exposed

While the article does not specify data breaches, it emphasizes that organizations are vulnerable to significant operational and financial harm due to human errors. The reliance on awareness training as a primary defense mechanism can lead to severe consequences when systems fail to account for human variability. Credential harvesting, phishing attacks, and unauthorized transactions are among the risks that can arise from inadequate security measures.

What You Should Do

Organizations must shift their approach to human risk by treating it as an engineering challenge rather than a behavioral flaw. This means implementing structural controls that do not rely solely on individual performance. For instance, high-value transactions should require multiple layers of verification, and identity infrastructure should continuously validate session integrity. By doing so, companies can create a more resilient security environment that minimizes the impact of human error. This proactive strategy will not only enhance security but also foster a culture of accountability and awareness without placing undue blame on individuals.

🔒 Pro insight: The shift from awareness training to structural controls reflects a deeper understanding of human error in complex security environments.

Original article from CSO Online
