Used with permission from the Microsoft Secure Blog
by Ann Johnson, Vice-President, Enterprise Cybersecurity Group
As noted in the 2016 Verizon Data Breach Incident Report, 63% of confirmed breaches involved leveraging weak, default or stolen passwords, 30% of phishing messages were opened in 2015, and 12% of targets clicked on the malicious attachment or link. Given this, organizations of all types can make significant gains in their security posture by educating their user base on best practices for digital engagement and cyber hygiene.
Yet headlines like this recent story in Dark Reading, "The Sorry State Of Cybersecurity Awareness Training," speak to the reality that user education is one of the most under-invested and under-appreciated aspects of cybersecurity. Many organizations require an annual online training program to meet compliance requirements, but rarely invest in broad, robust, ongoing training that contemplates the changing threat landscape and the vastly differing roles of end users.
I’ve seen these same organizations invest heavily in tools to defend and detect within their environment, all the while overlooking the most vulnerable part of the security infrastructure – the end user. Forbes reported “more than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years according to a 2015 analysis of numbers from the Bureau of Labor Statistics by Peninsula Press” (January, 2016). Therefore, organizations cannot rely solely on technology or security professionals to keep their data and infrastructure safe and secure. Threats are evolving, spear phishing is increasing, and users are being specifically targeted. It is incumbent upon the industry to also change the way we approach user education.
There are several aspects to consider to educate users:
There is no silver bullet for addressing rapidly increasing threats. The combination of risk-based policies, technology controls, solid audits and user education can go a long way toward mitigating your organization’s risk.