Rule of three: Patching, training and least privilege (Part 2)
This is the second post in our “Rule of three” series. Today we’re going to talk about training.
User behavior is implicated in an estimated 60 to 80 percent of data breaches.(1) Our industry commonly refers to this as the human element of risk.
The problem isn’t malicious intent; it’s lack of knowledge. Employees generally want to do the right thing. They just need to know what that is. When they don’t know, their actions can undermine even the best, most hardened cyber security systems.
Cyber criminals have become savvy enough about human nature to be able to exploit it ruthlessly to their advantage. That’s why it’s not enough to patch the known vulnerabilities in our software and operating systems. It’s time to also patch the known vulnerabilities in our workforce. The way to do that is with effective training.
At RiskAnalytics, cyber security workforce training is one of our areas of focus. We have a dedicated creative team working closely with our RA Labs threat intel experts to identify the most salient threats affecting businesses today. Our creative team then develops engaging, effective video training to help our customers educate their employees on how to recognize these threats and avoid falling prey to them. We also create video training for managers and IT pros. Learn more about our RiskTool learning management system here.
Come back Wednesday to read the final post in our “Rule of three” series: the principle of least privilege.
1 Anschuetz C. The weakest link is your strongest security asset. Wall Street Journal blogs website. Available at: http://blogs.wsj.com/cio/2015/02/26/the-weakest-link-is-your-strongest-security-asset/. Accessed August 3, 2016.