A related problem is that users are often reluctant to report a problem because they fear the consequences of taking an action that puts the company’s security at risk. Such a delay in notification increases the time for malicious actors to cause significant damage. According to Verizon’s DBIR, it takes an average of 55 days for organizations to fix a significant vulnerability, and that time can translate into significant losses, from costly ransomware attacks, to damage to a company’s reputation.
CISOs can address this issue by continuing to foster a culture where everyone recognizes the important role they play in maintaining organizational security. Instead of contributing to a culture of fear by naming and shaming, CISOs can highlight people who have made smart security decisions and avoided accidents to serve as role models and turn events into learning experiences.
2. They prioritize comfort over safety
People are naturally inclined to find the fastest route to work, and that often translates into taking shortcuts that compromise security for convenience. Even tech workers are not protected when, for example, they import libraries into public repositories thinking they are safe, as they continue to be used to spread malware and steal passwords.
To avoid these vulnerabilities that can threaten systems, CISOs can set up automatic MFA alerts to avoid risks due to compromised passwords and restrict access to services that may put data at risk, including artificial intelligence or downloadable code libraries. CISOs should provide a list of safe alternatives to free services that company developers can refer to to get downloads scanned and verified free of malware.
3. They suffer from fatigue when awake
People often go into auto-check mode to perform repetitive tasks and issue frequent alerts, explains cyber security consultant Alexandre Blanc. Fraudsters exploit this by embedding their phishing attempts and other attacks in digital messages similar to what employees see all the time.
While it is possible to include alerts in those, the constant flow of alerts creates alert fatigue. Workers learn to tune out alarms and can ignore real threat warnings.
Source link