Human behaviour the weak link in cyber defence

So are humans really the weakest link?

A recent global study of 630 IT professionals conducted by Dimensional Research that was commissioned by Barracuda Networks, shows that 84 per cent viewed employee behaviour as the chief security concern, rather than inadequate tools (16 per cent). Although there was no consensus on the level of employee likely to fall for an attack, executives were viewed as most likely to be targeted because of the access they have.

However, frontline staff may be an easier target as they are not always aware of the risks of cyberattack, or understand the likely consequences.

While IT believes new tools such as artificial intelligence can help to identify and block cyberattack types in real time, 100 per cent of survey respondents believe that user training and awareness programmes are vital prerequisites to improving email security. The survey showed that only 77 per cent of respondent companies are training their employees. Larger organisations (over 1,000 employees) are more likely to do so.

According to IT research company Gartner: "Attack methods continually evolve to stay a step ahead of your security strategy. Therefore, it is paramount to train employees to be security-conscious critical thinkers who can leverage their knowledge in changing situations."

Email attacks are becoming increasingly stealthy and targeted, and cyber criminals have shifted their main focus from the largest organisations to smaller targets.

Organisations need to offer users more than just a traditional classroom-style approach. Being able to scale training, move quickly and be offered training at the convenience of each member of staff could make all the difference in an effective programme.

The Dimensional Research survey conducted on behalf of Barracuda also highlights the need for organisations to include training and simulation as part of their overall email security strategy, with 98 per cent of respondents saying their organisation would benefit from additional email security capabilities, including phishing simulation (63 per cent) and social engineering detection (62 per cent).

Organisations can take measures that train employees to understand the latest email attack techniques with advanced solutions such as Barracuda PhishLine. It spearheads the prevention of email fraud, data loss and brand damage by including in their solution the training and testing of employees to recognise highly targeted and socially engineered spear phishing. The solution is available in multiple enterprise-grade versions tailored to suit organisations of all sizes.

PhishLine helps humans to recognise the subtle clues that an incoming email is not in fact from the entity who claims to have sent it.

The solution uses a two-pronged approach to combat this ploy. First, computer-based training gives users a baseline understanding of the latest techniques being used by attackers. Secondly, it embeds learning into business processes by launching customised simulations that test and reinforce good user behaviour. A large library of curated content means faster time to value, while rich reporting and analytics provide visibility.

So, are employees really the weakest link in email security? And is end-user security training and awareness the missing link to complete a comprehensive email security strategy? Data suggests it's definitely a concern, and when we consider all the successful cyberattacks in the news these days, there's almost always a human element involved. Remember, links have to get clicked or attachments must be downloaded in order for these attacks to work.