The Middle Ground: Balancing Technology and Education for Sustainable Security

End Users: The Weakest Link in Cybersecurity

The Verizon “2022 Data Breach Investigations Report” highlights that end users create 82% of all preventable exposure events, primarily because of stolen or weak credentials. Since humans are still required to conduct business, organizations must take proactive action to reduce the odds of an event. But what form should that proactive action take?

Challenges with End Users

Traditionally, organizations have attempted to bridge the weaknesses of human nature and manual error by buying a tool, only to find that gaps and risks persist. Technology implemented in the absence of end-user education and good processes did not reduce their threat level. Education alone is also not the answer, as empowered end users struggling with unrealistic workloads are prone to errors that increase risks. A combination of both strategic user education and tactical automation of well-constructed processes is the winning recipe for sustainable success.

Information Gap

Most humans have daily interaction with technology. Therefore, there is a daily potential risk of a breach. Consumers take some level of care with their personal information but lack a fluent understanding of what their employer is comfortable with outside the organization. Absent clear data classification, users are likely to share sensitive company information simply because they were unaware it was sensitive. Bad actors exploit this user knowledge gap regularly and succeed.

The Role of Automation and Knowledge

Automation is a critical security puzzle piece. However, when implemented on top of a shaky foundation, it won’t increase security and compliance or reduce risk. Digital transformation and automation are foundational needs for sustainable security. Still, companies must pair them with proactive education to teach the user community what they should take care of and why they should protect it.

Use Knowledge and Automation in Tandem for Lasting Results

Tools without knowledge are a big invitation to circumvent defined processes. Publicizing the core values and baseline criteria for protection naturally improves user education and compliance levels. Organizations must reward employees for contributing to security efforts and reducing breaches due to preventable events. When employees contribute more to security efforts, it helps organizations better identify where they need technological help versus what their employees can handle.

The Middle Ground

Begin by creating a simple solution to a complex initiative. Identify the building blocks of zero trust and what to care about when, then communicate it, talk about it, and ensure users understand it. Establishing end-user accountability for security, as well as the tools and protection methods to enhance it, creates an environment of success and starts to chip away at that 82%.

Editorial and Advice

End-users have been the weakest link in cybersecurity and are mainly responsible for increasing risk. Organizations should aim to strike a balance between user knowledge and automation to ensure sustainable security. Strategic user education and tactical automation of well-constructed processes will help create a culture of security among employees. Organizations should create a simple solution to complex security challenges, establish end-user accountability for security, and reward employees for contributing to security efforts.

Moreover, companies must bridge the knowledge gap between employees and organizations about what is sensitive information, communicate the critical values and baseline protection criteria, and arm employees with the knowledge of what to protect and why. This approach cannot be successful without a clear zero-trust framework to guide actions and decisions.

End-users will continue to be part of digital transformation, and organizations should recognize it as a long-term challenge that needs to be addressed to create a sustainable security posture.