CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

Log4j, ransomware, cloud vulnerabilities, phishing: Cyber threats are manifold. They all pale, however, in comparison to the security black holes that walk around on two legs.
Studies have shown that nearly all successful breaches stem from human error, be it failure to install security patches before an attacker exploits a vulnerability, lousy passwords, or falling into the web of lies spun in social engineering or phishing attacks.
A 2020 report from Stanford University found that nine out of 10 data breaches are caused by users. Research from Stanford University and the security firm Tessian found that approximately 88 percent of all data breaches are caused by an employee mistake. Similar studies have confirmed these results going back for years: A 2014 report from IBM found that human error was “a major contributing cause” in 95 percent of all breaches.
(Brought to you by SpecOps. Underwriters of Threatpost podcasts do not assert any editorial control over content.)
According to IBM, the average cost of those breaches has been doubling yearly from 2020 to date. You can install cutting-edge artificial intelligence solutions or other modern anti-malware and threat detection software to detect anomalous behavior, but technical solutions only go so far, given that carbon-based life forms use them.
However, these programs often aren’t tailored to individuals’ roles and responsibilities. They also tend to be boring. Darren Van Booven, lead principal consultant at Trustwave and cybersecurity training expert, visited the Threatpost podcast to talk about how the right cybersecurity awareness program should be conducted at the right pace by well-informed instructors.
What also doesn’t hurt: getting senior management to support decent cybersecurity training programs, bringing in notable speakers, making sure management is role-modeling good security hygiene, casting coworkers in cybersecurity awareness skits and/or passing out squeezie stress-balls shaped like phish.
Whatever it takes!