You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

The security gap: knowledge or behavior?

There’s something missing in cyber security today.

Security tends to be reactionary - an attacker first exposes a vulnerability; the security community subsequently develops a protective measure. Firewalls are a prime example of this process. Ten years ago, a company’s systems could be compromised simply by scanning exposed ports. The broad adoption of firewalls all but closed off this attack vector.

Fast forward to today: 9 out of 10 attacks are the result of a human making a mistake, opening the door to compromise.

To counter this, nearly every large organization has implemented security awareness training, designed to teach users how to spot a social engineering attack.

Problem solved! Right??

Quick reality check: Cyber attacks targeting human exploits are not declining. In fact, breach severity is increasing - specifically via email phishing, the most common form of social engineering. Phishing now accounts for 94% of malware delivery (2019 Verizon DBIR).

Attackers exploit human behavior, and this persistent problem needs a new solution. That solution requires developing safe online habits.

Behavior over knowledge

In the physical world, we teach kids to look both ways before crossing the road. You don’t send little Johnny out with a calculator to quickly determine the stopping distance of each oncoming car - that would be nuts. Instead, you instill easily repeatable behavior to keep him safe. As an adult, the behavior sticks. Why? Because it works! Oh, and it’s really simple.

Today’s security awareness programs focus on imparting knowledge for defense. To be secure, knowledge training requires every employee has to become a cyber sleuth. These providers instruct your people to look through every single hyperlink or email sender, crossing their fingers in hopes that busy/stressed/overwhelmed employees don’t make a mistake. It’s like teaching kids to play frogger with a really great calculator in hand. There’s a better approach to both.

INFIMA breaks the cycle of attacks by instilling safe behaviors. With frequent testing, we identify behavior vulnerabilities across your team. From there, we deliver targeted remediation to your most at-risk users.

With our incredible MSP Partners, we are solving the human problem in cyber security.

Ready to learn more? Connect with us here!

CompanySecurity
Joel Cahill

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.

You might also like

Pay a $1.7 Million Ransom or Else...

Pay a $1.7 Million Ransom or Else...

Hackers are getting smarter. To improve their chances of getting paid, hacker groups have added data exfiltration to their Ransomware. At best, this dramatically raises recovery costs, and at worst, causes irreparable damage to victims. Here's the latest story: After the infamous Maze Ransomware crew compromised New Jersey-based MDLab, they

Joel Cahill
Joel Cahill
Healthcare
FDIC Warns of Heightened Cyber Security Risks

FDIC Warns of Heightened Cyber Security Risks

The FDIC responded to increasing geopolitical risks (i.e. Iran post-Soleimani), with a statement "to remind supervised financial institutions of sound cybersecurity risk management principles." Financial institutions have recently faced fines and sanctions for avoidable cyber attacks. [Criminals] often obtain access to financial institution systems and networks by compromising user

Joel Cahill
Joel Cahill
Financial Services

Featured Posts

CIS Control 14 and Security Awareness Training

CIS Control 14 and Security Awareness Training

Let's Dig In: Security Awareness & Compliance

Let's Dig In: Security Awareness & Compliance

Cyber Insurers Tighten Requirements

Cyber Insurers Tighten Requirements