The Human Factor: Five Misconceptions Concerning Cybersecurity

The latest installment of Microsoft Office’s Modern Workplace webcast focused on the human side of cybersecurity.  On hand were two noted panelists to discuss this emerging angle of cyber preparedness.  Dr. Jessica Barker, Cyber Intelligence Advisor, and Phil Ferraro, CISO at Nielsen, highlighted that social engineering is nearly always leveraged in cyber-attacks.  In fact, the webcast panel stated that 95% of all cybercrime emanates from some form of a breakdown of the interaction between humans and technology.

While the human factor can be viewed from two sides, such as system misconfiguration or failed patch management, the most prominent faults from the human side arise from users simply clicking on links that should be avoided.  Thus, cyber criminals have played against our better natures by using psychology to manipulate us into taking actions that are detrimental to technical systems.  The discussion focused on ways in which cyber awareness training can be used to mitigate threats.

The myth that technical answers can respond to and defend against every cyber-attack was directly challenged by the panel.  As a result, five key points were given that challenged the belief that technical solutions can stand alone against a cyber-attack.  These five cybersecurity myths clearly involve shortcomings or misconceptions in human thinking.

  1. Cybersecurity is an IT function. It is safe to say that this was the overarching theme of the webcast.  The panelists encouraged end users to think of cybersecurity as a risk to the overall course of business rather than simply viewing it as the realm of the IT department.  Simply put, everyone has a role in advancing digital security.
  2. We’ve never had a breach, so we never will. This challenges the mindset of end users to think in terms of an ongoing defensive cyber posture. There’s no room for complacency in cybersecurity.
  3. We’ve invested a great deal of money, so we are secure.  Surprisingly, money is not always the answer.  In fact, there are many best practices to be employed that cost nothing to implement.  One such item is simply to pause and think before you click.
  4. We’re 100% compliant, so we must be 100% safe.  Compliance should never be confused with complete security.  Satisfying government mandates does not always equate to a hardened defense on the cyber front.
  5. We’re small – no one will come after us. Flying under the radar is no longer a sound strategy, as hackers have recognized that small often means fewer defensive measures are in place.  A short amount of research will indicate that SMBs have become ripe targets.

If you missed the Modern Workplace webcast, you can view it here. New episodes also air frequently. You can reach the panelists via Twitter: Dr. Jessica Barker, Cyber Intelligence Advisor, @drjessicabarker, and Phil Ferraro, CISO, Nielsen, @philferraro914.

Please note: this is a Microsoft Office-sponsored post.

Kenneth Holley, Founder & CEO (@kennethholley) - full bio.