The government has just released its annual cybersecurity breaches survey – see here.
Unsurprisingly, phishing remains the biggest threat, with 86% of breached companies listing it as their most common cause of a breach, up from 72% in 2017.
The government has just released its annual cybersecurity breaches survey – see here.
Unsurprisingly, phishing remains the biggest threat, with 86% of breached companies listing it as their most common cause of a breach, up from 72% in 2017.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The government’s latest stats on breaches tell us what we already knew – phishing poses the greatest threat to companies and it is on the rise. A massive 86% of breached companies list it as their most common cause of a breach – up from 72% in 2017 – and 67% rate it as the most disruptive attack vector. The report states that “one of the consistent lessons across this series of surveys is the importance of staff vigilance” and that additional training (18%) is still the most common response to a breach.
It is time for companies to wake up to the fact that this approach clearly isn’t working. Staff are busy enough with their day to day roles without the burden of cybersecurity – we don’t expect the CISO to process invoices, so why do we expect the finance team to worry about the company security? Instead of setting unrealistic expectations and putting users through dull, patronising, one-size-fits-all training, security teams should be looking to tools that allow two-way conversations with users and enable them to gather intel on each individual’s likes, dislikes, frustrations and potentially risky behaviours. They can then asses which individuals, teams or departments require more security measures or tighter controls, instead of irritating all employees with overbearing, broad-brush solutions and policies that clearly aren’t working.