We have all been served by a surly retailer who has made us feel that their job and life would be easier if it weren’t for the customers. Alas, sometimes it feels as though the same applies in cybersecurity. Life would be so much better if not for those pesky employees.
We all know the stats – employees are the biggest cybersecurity risk. A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that nine in 10 (88%) data breach incidents are caused by employees’ mistakes. And this is costly. Research from Ponemon found that, in 2020 alone, data breaches cost a business an average of $3.86 million.
To date, businesses have tried to mitigate this threat with awareness, training and policies. But as the statistics clearly demonstrate, this isn’t always effective. The situation hasn’t been eased by the COVID-19 pandemic.
Approximately a year ago, countries were thrown into lockdown with little to no notice. Employees immediately needed access to company data and systems from their own homes. In businesses with minimal or no existing remote working capabilities, IT and security teams needed to rapidly roll out solutions, carefully balancing reducing risk with usability.
Locking everything down too tightly may tempt employees to try to find workarounds so that they can just get on with their jobs, an effect which could only be exacerbated when everyone was under increased pressure and trying to adjust to the situation. Risk appetites had to be adjusted to enable business as usual (BAU) to continue, and it was key to give leadership data-driven insight so they could manage this with all the facts in their possession.