04/09/2024
The human element is key to a good cyber defense system, but cyber awareness programs do not always get the results you need. Awareness does not equal behavior. If it did, we would all drive the speed limit and never eat junk food.
"...a majority of cyber regulations, frameworks, and compliance standards such as HIPAA, GDPR, SOX, and PCI-DSS, don’t place much emphasis on social engineering. Technical controls such as firewalls, encryption, and backup and recovery get a lot of attention, but social engineering receives scant mention. Security teams are no different either, investing billions into cybersecurity technology every year, but neglecting to address social engineering, the major culprit behind successful cyber break-ins."
The industry needs to focus on the root cause of the vast majority breaches: human error.