The Weakest Cybersecurity Link

A central component of every cybersecurity program is vulnerability management—identifying weaknesses in the organization’s security posture and implementing controls to address them. Unpatched operating systems, poorly configured firewall rules and unencrypted databases are all chinks in an organization’s cyber armor, but the most critical cybersecurity vulnerability is people.

Whether it’s an exhausted, distracted salesperson unknowingly clicking on a phishing link or a disgruntled network administrator exfiltrating sensitive customer data, an organization’s own people are the common denominator in most successful cyberattacks. The 2021 Verizon Data Breach Investigations Report showed that 85% of security breaches involved a human element.

Hybrid Workplace Vulnerabilities

Last year’s sudden shift to remote workforces forced by widespread COVID-19 lockdowns is giving way to hybrid workforces that are likely to be the new normal. This hybrid work era brings with it a multitude of security challenges, such as employees logging on from unsecured home networks or sharing work devices with family members. In a recent study, 74% of organizations impacted by a cyberattack pointed to remote work vulnerabilities as the cause.

The transition to remote work has coincided with a surge in social engineering attacks, such as spear-phishing. By compromising trusted email accounts, or leveraging publicly available information on sites like LinkedIn, adversaries are able to send legitimate-looking, well-crafted phishing messages that target specific employees. These attacks can be extremely convincing and difficult to detect, even for employees trained to identify phishing attempts.

Zero Trust

To adapt to the changing workplace, many organizations are turning to zero trust principles, which assume that all users and devices are potential threats. By implementing practices such as least privilege, multi-factor authentication and network segmentation, security teams can mitigate the risk posed by their own workforce.

The First Line of Defense

Another effective approach is to invest in cybersecurity awareness and training. A workforce that practices proper cyber hygiene is less vulnerable, and alert, cyber-informed employees serve as an added layer of defense, pointing out bad practices and reporting potential threats. Here are some best practices for training a hybrid workforce:

MBL Technologies offers general and role-based training, including both off-the-shelf curriculums to quickly meet a compliance or technical skills gap, and custom-built programs mapped to your organization’s specific workforce development goals. We can help transform your workforce from your organization’s weakest link to its first line of defense.
