Cybercrime is more prevalent than ever before. Phishing attempts, ransomware attacks, and other forms of breaches all reached in 2021, and there is no reason to believe that that trend will change anytime soon. all-time highs Cybersecurity specialists need to re-evaluate the way they focus on security in 2022. It’s becoming increasingly apparent that solving human risks within the context of work should be an utmost priority for CISO’s looking to secure their organizations. Here’s why focusing on the human element of security, particularly as it relates to workflows, is the most important component of cybersecurity today. People, not systems, are the real vulnerabilities If you’ve been paying attention to information security news, you’ve likely heard about the Log4j vulnerability and how devastating it is for cybersecurity posture. There have been many other instances where it seems like a flaw in computer architecture or coding languages will lead to catastrophe, but negative outcomes due to system vulnerabilities are not the leading cause of data breaches. It may come as a surprise (or completely expected depending on your worldview) that from Stanford found that research 88% of security breaches occur due to human error! Most people think of hacking as a scary person frantically typing behind a keyboard like a scene from the Matrix, but that’s not the case. While the Matrix-hacker is a threat, most breaches occur as a result of people disclosing information without authorization, failing to maintain personal device security, or falling for the ever prominent onslaught of phishing attempts. Although human risk has always been a major component of cybersecurity, Covid-19 and the subsequent transition to remote work in SaaS apps have made securing people more crucial than in the past. Remote work increases the number of risk vectors Remote work is here to stay. Remote employees feeling happier and more productive, and remote-first companies can save lots of money on office space and other administrative expenses. While the flexibility that remote work grants people is great, it also creates many more avenues for hackers to breach an organization. report A whopping 55% of employees using their personal laptops or cell phones for work purposes! reported Many companies equip their devices with antivirus software, firewalls, and other security controls, but there is no guarantee that employees are using these tools on their personal devices. And, there’s always a balance between locking down devices and productivity. All of these unsecured devices are sources of risk to company data or systems. Remote work also allows employees to work from home, at a coffee shop, at an Airbnb, or anywhere with wifi. Hackers will often set up fraudulent wifi networks to try and steal credentials from people who connect to them. Also, many public networks do not have sufficient security in place to prevent hackers from stealing information transmitted over them. Evolving workflows also create additional sources of risk In addition to the increased number of devices that must be secured due to remote work, the way we work today has complicated cybersecurity. Companies are spurning desktop applications in favor of cloud-based SaaS apps. These tools take away management overhead for companies, making SaaS apps fast to implement. The average number of SaaS applications used by companies in 2021!  Although they increase efficiency, these tools introduce additional layers of risk since they are managed outside of the organization. 68% of malware in 2021 was delivered via SaaS , a number that should terrify CISO’s everywhere. reached over 250 apps Another way workflows have changed is the number of integrations between applications. There are more ways to automate processes and integrate data than ever before. Actions like automatically exporting lists and importing support tickets into a centralized hub can significantly reduce the amount of manual work employees must do. However, automation and integrations also introduce new risks. For example, if you set up your Slack workspace to import files from a website on a recurring basis, there is the risk that your organization imports malware if a hacker is successfully able to penetrate the site. If you are a healthcare organization that exports billing records, there is a chance that someone without the authorization to view said records can access them. Companies must emphasize reducing risk within the flow of work The new way of remote work performed in cloud-based SaaS applications requires a renewed focus on reducing human risks inherent in SaaS app workflows. The best ways to reduce humans risks are: 1) Using tools to monitor SaaS apps. 2) Training employees on risk in the flow of work. We’re going to focus on #2. Companies are already working on the former and the rise of security reflects a mindset shift to one where all humans are seen as potential risks. zero-trust Security awareness and cybersecurity training is outdated for modern work. Popular courses focus on topics less relevant to remote work such as not writing down passwords on paper or not plugging in flash drives you find on the street. While those are decent tips, they don’t matter as much today when most threats are digital instead of physical. And, these trainings are often delivered on an annual or infrequent basis, outside the context and flow of work. One way organizations can reduce risk within the flow of work is by implementing event-based training. The concept of event-based training is simple; trigger training for employees when they do work activities that can potentially increase risk. Actions such as sharing files, creating new Slack channels, and clicking on links from external emails can be used to automatically assign employees relevant training. Training should be administered within the context of work to ensure it is actually effective. Annual check-the-box training for security awareness might make leadership feel good, but it doesn’t sufficiently reduce human risks. Conclusion: The way people work has changed a LOT over the past two years, and even more so over the past decade. As cyber threats continue to proliferate, effective security must be a priority for any organization hoping to stay in business. Evolving workflows have greatly increased human risk. As such, companies should tailor their training to make people understand how they can effectively protect themselves and their organizations in 2022. About the Author Haekka is a Slack-based (with a web option available) employee onboarding and training platform that trains employees within the context of real work. Haekka was founded by two leaders with over 20 years of cybersecurity experience, so they have witnessed firsthand how different security looks today as compared to years past. Haekka’s security awareness training was written for remote and hybrid companies looking to secure their evolving workforce with an emphasis on event-based training. For more information about Haekka, with one of our founders today! schedule a demo

Flow

People, Not Systems, are the Real Vulnerabilities in the Workplace

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

01/06/2018: Biggest Stories in the Cryptosphere

10 Things I Did To Increase CloudTrail Logs Security

10 Important 409a Valuation Compliances to Know

3 Real-World Use Cases of Blockchain Smart Companies

3 Solutions for Sharing and Managing Your Zoom Recordings

01/06/2018: Biggest Stories in the Cryptosphere

10 Things I Did To Increase CloudTrail Logs Security

10 Important 409a Valuation Compliances to Know

3 Real-World Use Cases of Blockchain Smart Companies

3 Solutions for Sharing and Managing Your Zoom Recordings

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps