Don’t be the Weakest Link: Training your Staff

Early last year, International Data Corporation (IDC) forecast that security spending would reach $81.7 billion in 2017, an increase of 8.2% from 2016. This increase is driven by enterprises – from the Fortune 50 to small businesses – as they continue seeking a ‘silver bullet’. The economy produces dozens of new security vendors every month who promise to solve all our problems. Yet, according to a 2017 Verizon report, 43% of users are still falling for simple social engineering attacks, and 81% of users are still using weak or re-claimed passwords.

When people approach me with questions about this trend, my advice is always the same: we are all focusing on the wrong things. If we look at the fundamental shift in the security paradigm over the past five years, we can’t ignore the fact that traditional network boundaries have been erased, while inherent trust from social media drives many of our decisions. Protection is no longer working, so we shift to detection and response. Each of us carries at least one computer in our pocket that is as powerful as our desktop was five years ago – and it is always on, always connected.

Technology and protection are necessary, but we must shift our focus to what matters most: The weakest link. Our duty as security practitioners is to focus on continuous user education and awareness, but we must be careful with the approach we take. When you are creating a security awareness program, consider these things:

And most importantly, as we embark on 2018, remember to focus on the weakest link!